<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.3.8) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-tiloca-t2trg-sw-update-groupcomm-02" category="exp" submissionType="IRTF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="SW Update with CoAP Group communication">Distribution of Software Updates with End-to-End Secure Group Communication and Block-Wise Transfer for CoAP</title>
    <seriesInfo name="Internet-Draft" value="draft-tiloca-t2trg-sw-update-groupcomm-02"/>
    <author initials="M." surname="Tiloca" fullname="Marco Tiloca">
      <organization>RISE AB</organization>
      <address>
        <postal>
          <street>Isafjordsgatan 22</street>
          <city>Kista</city>
          <code>164 40</code>
          <country>Sweden</country>
        </postal>
        <email>marco.tiloca@ri.se</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <workgroup>Thing-to-Thing Research Group</workgroup>
    <keyword>Internet-Draft</keyword>
    <abstract>
      <?line 108?>

<t>This document defines a method for efficiently distributing a software update to multiple target devices, by using end-to-end secure group communication over UDP and IP multicast. To this end, the defined method relies on a number of building blocks developed in the Constrained RESTful Environments (CoRE) Working Group of the IETF. Those especially include the Constrained Application Protocol (CoAP), Block-wise transfers for CoAP, and the end-to-end security protocol Group Object Security for Constrained RESTful Environments (Group OSCORE). The method defined in this document is compatible with (but not dependent on) the architecture for software and firmware update developed in the Software Updates for Internet of Things (SUIT) Working Group of the IETF.</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Discussion of this document takes place on the
  Thing-to-Thing Research Group mailing list (t2trg@irtf.org),
  which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/t2trg/"/>.</t>
      <t>Source for this draft and an issue tracker can be found at
  <eref target="https://gitlab.com/crimson84/draft-tiloca-t2trg-sw-update-groupcomm"/>.</t>
    </note>
  </front>
  <middle>
    <?line 113?>

<section anchor="intro">
      <name>Introduction</name>
      <t>Throughout the operational phase of their lifecycle, it is vital that devices can effectively receive and install required software (SW) updates. This is important not only in order to add and extend features or to improve performance, but also and especially in order to address and prevent security vulnerabilities. In turn, the distribution of SW updates in itself has to be a secure and efficient process that scales well with the size of the software update and with the number of target devices.</t>
      <t>This document defines a method for efficiently distributing a SW update to multiple target devices, by using end-to-end secure group communication over UDP and IP multicast. To this end, the defined method relies on a number of building blocks developed in the Constrained RESTful Environments (CoRE) Working Group of the IETF. Those especially include the Constrained Application Protocol (CoAP) <xref target="RFC7252"/>, Block-wise transfers for CoAP <xref target="RFC7959"/>, and the end-to-end security protocol Group Object Security for Constrained RESTful Environments (Group OSCORE) <xref target="I-D.ietf-core-oscore-groupcomm"/>.</t>
      <t>The defined method leverages a CoAP-to-CoAP proxy deployed between the CoAP target devices to update and a CoAP server acting as Distributor of the SW update. The proxy communicates with the Distributor using CoAP over TCP <xref target="RFC8323"/> and retrieves the next-in-line "inner chunk" of the SW update from the Distributor, by using Block-wise Extension for Reliable Transport (BERT) <xref target="RFC8323"/>. A CoAP response originated by the Distributor and conveying an inner chunk is protected end-to-end between the Distributor and the target devices, by using Group OSCORE.</t>
      <t>When a target device contacts the proxy for obtaining the latest SW update, the proxy relies on the use of Group OSCORE defined in <xref target="I-D.ietf-core-cacheable-oscore"/>. That is, it retrieves the next-in-line inner chunk from the Distributor if not already available in its cache and then caches the response that conveys the inner chunk. After that, building on concepts from <xref target="I-D.ietf-core-observe-multicast-notifications"/>, the proxy replies to the target device with an error response, informing about the time when it is going to distribute the inner chunk and providing transport-specific information for receiving that inner chunk.</t>
      <t>When that time comes, the proxy transmits the inner chunk to all the target devices by further splitting it into smaller "outer chunks", each of which is conveyed by a CoAP response over UDP and IP multicast using Block-wise transfer <xref target="RFC7959"/>. At the end of such transfer, the target devices are allowed to selectively request outer chunks that they have missed for the current inner chunk.</t>
      <t>After the proxy declares the transfer of the current inner chunk completed, the process is repeated for the next inner chunk, which the proxy retrieves from the Distributor and transmits to the target devices as above. Eventually, the proxy completes the transfer of the last inner chunk. After that, as a new request comes from a target device to retrieve the latest SW update, the proxy restarts the process by retrieving the first inner chunk and providing it to the target devices.</t>
      <t>This document also defines how to counteract an attack against availability that an active adversary could easily perform by manipulating the CoAP responses sent by the proxy to the target devices and conveying the small outer chunks. The attack is neutralized by having a short checksum value computed by the proxy and included in such responses. By recomputing and verifying the checksum, target devices can thus promptly detect a possible manipulation of an outer chunk and discard the response conveying it as invalid.</t>
      <t>The method defined in this document is compatible with (but not dependent on) the architecture for SW and firmware update specified in <xref target="RFC9019"/> and developed in the Software Updates for Internet of Things (SUIT) Working Group of the IETF.</t>
      <section anchor="terminology">
        <name>Terminology</name>
        <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
        <?line -18?>

<t>Readers are expected to be familiar with the terms and concepts related to:</t>
        <ul spacing="normal">
          <li>
            <t>CoAP <xref target="RFC7252"/>, also used for group communication <xref target="I-D.ietf-core-groupcomm-bis"/> and over TCP <xref target="RFC8323"/>.</t>
          </li>
          <li>
            <t>The CoAP extensions Observe <xref target="RFC7641"/> and Block-wise <xref target="RFC7959"/>.</t>
          </li>
          <li>
            <t>The security protocols OSCORE <xref target="RFC8613"/> and Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>, and the use of the latter to enable cacheability of protected CoAP responses <xref target="I-D.ietf-core-cacheable-oscore"/>.</t>
          </li>
          <li>
            <t>The Concise Data Definition Language (CDDL) <xref target="RFC8610"/>, Concise Binary Object Representation (CBOR) <xref target="RFC8949"/>, and CBOR Object Signing and Encryption (COSE) <xref target="RFC9052"/><xref target="RFC9053"/>.</t>
          </li>
        </ul>
        <t>This document also relies on the following terminology:</t>
        <ul spacing="normal">
          <li>
            <t>Image: a binary that can contain the complete SW of a device, or part of it. The image might be in turn structured in multiple images, and the corresponding SW might specifically be a firmware. Also, it might consist of a differential update in the interest of performance.</t>
          </li>
          <li>
            <t>Manifest: a collection of metadata about the image and author. The manifest is generated by the author and protected against modifications.</t>
          </li>
          <li>
            <t>Author: the entity that generates the image and the associated manifest.</t>
          </li>
          <li>
            <t>Device: target of a SW update as intended to obtain and consume an image.</t>
          </li>
          <li>
            <t>Distributor: the entity that distributes the image and the associated manifest on behalf of the author.</t>
          </li>
          <li>
            <t>Manifest resource: a resource hosted at the Distributor, with a manifest as its representation. This resource is observable <xref target="RFC7641"/>.</t>
          </li>
          <li>
            <t>Image resource: a resource hosted at the Distributor, with an image as its representation.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="sec-building-blocks">
      <name>Building Blocks</name>
      <t>The distribution method defined in this document largely relies on a number of building blocks that are summarized in the following subsections.</t>
      <section anchor="sec-building-blocks-coap">
        <name>CoAP</name>
        <t>CoAP is a web-transfer protocol specified in <xref target="RFC7252"/>. It relies on the client-server message exchange model and builds on the Representational State Transfer (REST) paradigm for accessing and manipulating resource representations hosted at a server. CoAP messages can be very compact and, besides a payload and a mandatory header, can include CoAP options that indicate the additional use of protocol extensions and optional features. The mandatory header includes a variable-length Token field whose value is used to associate a response with a corresponding request. CoAP is typically transported over UDP, but it can also be used over reliable transports such as TCP and WebSockets <xref target="RFC8323"/>.</t>
        <t>CoAP natively supports proxies deployed between origin client endpoints and origin server endpoints. Main reasons to deploy proxies include: relaying messages between origin endpoints that cannot directly interact with one another; caching response messages to serve requests from origin clients more efficiently and avoiding repeatedly interacting with origin servers; and performing protocol translation across different communication legs. Proxy operations for CoAP are detailed in <xref section="5.7" sectionFormat="of" target="RFC7252"/>.</t>
        <t>CoAP also natively supports group communication <xref target="I-D.ietf-core-groupcomm-bis"/>. That is, an origin client can send a single group request targeting multiple recipient servers at once, e.g., over UDP and IP multicast. The servers can individually reply to that group request by sending their unicast responses, each of which is associated by Token value with the same group request.</t>
      </section>
      <section anchor="sec-building-blocks-observe">
        <name>CoAP Observe</name>
        <t>Observe is an extension for CoAP specified in <xref target="RFC7641"/>. When using Observe, a client accesses a resource at a server by additionally requesting to be registered as an observer for that resource. A successful response from the server can confirm the client to have become a registered observer. In such a case, following updates in the resource representation will result in the server sending notification responses to the client. Each of such notification responses conveys the current resource representation and is associated by Token value with the request originally sent by the client to start the observation. This extension relies on the CoAP Observe Option included in the original observation request and in each notification response.</t>
      </section>
      <section anchor="sec-building-blocks-block-wise">
        <name>CoAP Block-wise Transfer</name>
        <t>Block-wise is an extension for CoAP specified in <xref target="RFC7959"/>. With the intent to avoid message fragmentation at lower layers, Block-wise enables message senders to split their large-size application data to transmit (body) into multiple, smaller data units referred to as blocks. This process occurs at the CoAP layer and results in sequentially sending each block of the same body as the payload of a different CoAP message. The message recipient can re-assemble the original body once all the corresponding blocks are received. This extension relies on the CoAP Block1 and Block2 Options. Those are appropriately included in request and response messages to either describe the block conveyed in the present message or to control the Block-wise transfer process.</t>
        <t>For the case where CoAP is transported over reliable transports such as TCP, <xref target="RFC8323"/> also specifies Block-wise Extension for Reliable Transport (BERT), which relies on the same CoAP Block1 and Block2 Options as also explicitly indicating the use of BERT. In practice, a BERT message conveys in its payload one or more blocks of size 1024 bytes, with the possible exception of the BERT message conveying the last block that can have a smaller size.</t>
      </section>
      <section anchor="sec-building-blocks-oscore">
        <name>OSCORE</name>
        <t>Object Security for Constrained RESTful Environments (OSCORE) is a security protocol specified in <xref target="RFC8613"/>. OSCORE protects CoAP messages end-to-end between the origin endpoint producing application data and the other origin endpoint consuming that data.</t>
        <t>To this end, it takes as input an outgoing CoAP message and produces as output an OSCORE-protected CoAP message that includes the CoAP OSCORE Option. When receiving the OSCORE-protected message, the recipient endpoint relies on the information in the OSCORE Option to attempt decrypting and verifying the message. By using CBOR <xref target="RFC8949"/> for data encoding and COSE <xref target="RFC9052"/> for security operations, OSCORE has a lightweight impact on message sizes and performance.</t>
        <t>OSCORE ensures end-to-end confidentiality, integrity, and source authentication of messages, as well as replay protection. Each OSCORE-protected response is cryptographically bound to the corresponding request, also when Observe <xref target="RFC7641"/> is used and thus multiple notification responses are bound to the same observation request.</t>
        <t>These security properties hold also in the presence of (untrusted) proxies deployed between the two OSCORE endpoints. Since OSCORE selectively protects different parts of a CoAP message, it hides as much as possible from possibly deployed proxies, while keeping the proxies able to perform their intended tasks. Furthermore, since the OSCORE processing of a CoAP message results in another CoAP message, OSCORE is independent of the specific transport underlying CoAP and used to transport CoAP messages (e.g., UDP or TCP). Therefore, OSCORE works wherever CoAP works.</t>
        <t>In order to use OSCORE, two CoAP endpoints have to first establish an OSCORE Security Context including the necessary parameters and keying material. OSCORE is agnostic of how exactly the Security Context is established. A possible way is the lightweight authenticated key exchange protocol Ephemeral Diffie-Hellman Over COSE (EDHOC) <xref target="RFC9528"/>.</t>
      </section>
      <section anchor="sec-building-blocks-group-oscore">
        <name>Group OSCORE</name>
        <t>Group OSCORE is a security protocol specified in <xref target="I-D.ietf-core-oscore-groupcomm"/>. By building on OSCORE <xref target="RFC8613"/> and extending its construct, Group OSCORE protects CoAP messages end-to-end between endpoints that use CoAP in a group communication setup <xref target="I-D.ietf-core-groupcomm-bis"/>.</t>
        <t>Also by relying on CBOR <xref target="RFC8949"/> and COSE <xref target="RFC9052"/>, Group OSCORE ensures end-to-end confidentiality, integrity, and source authentication of messages, as well as replay protection. All the protected responses originated by different servers and corresponding to the same group request are cryptographically bound to such request.</t>
        <t>Messages protected with Group OSCORE also include a CoAP OSCORE Option that indicates the recipient endpoint how to attempt decrypting and verifying an incoming message. Like OSCORE, Group OSCORE works wherever CoAP works, also in the presence of proxies.</t>
        <t>Group OSCORE provides two modes for protecting messages, allowing to choose the mode to use on a per-message basis. The main difference between the two modes is about the way used to ensure source authentication of the protected message:</t>
        <ul spacing="normal">
          <li>
            <t>When using the group mode (see <xref section="7" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>), the message is first encrypted with keying material that every group member can derive, and then it is signed by using the private key of the sender endpoint. The resulting signature is placed at the end of the CoAP payload of the protected message and then separately encrypted in order to contrast tracking of endpoints across different groups. As a result, all group members are able to decrypt the message and to verify that the message sender is the alleged group member. The group mode is typically used to protect requests that are sent to the whole group, i.e., that are intended to all CoAP servers in the group.</t>
          </li>
          <li>
            <t>When using the pairwise mode (see <xref section="8" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>), the message is protected by using an authenticated encryption algorithm. The encryption key to use is derived from the asymmetric authentication credentials of the sender endpoint and the single recipient endpoint, by means of a static-static Diffie-Hellman key derivation performed locally. As a result, only the intended recipient is able to decrypt the message and to verify that the message sender is the alleged group member. The pairwise mode is typically used to protect a response that is individually sent by a server in the group.</t>
          </li>
        </ul>
        <t>In order to use Group OSCORE, a CoAP endpoint has to join an OSCORE group and effectively become a member. The join process is typically assisted by a Group Manager entity that is responsible for the OSCORE group and that might enforce access control when deciding whether to admit new endpoints requesting to join the group. As a result of a successful join process, a CoAP endpoint obtains the necessary parameters and keying material to set up a Group OSCORE Security Context and consequently use Group OSCORE with the other group members. A possible realization of Group Manager is specified in <xref target="I-D.ietf-ace-key-groupcomm-oscore"/>, where the join process is based on the ACE framework for authentication and authorization in constrained environments <xref target="RFC9200"/>.</t>
      </section>
      <section anchor="sec-building-blocks-mult-notif">
        <name>Observe multicast notifications</name>
        <t>According to the original use of CoAP Observe <xref target="RFC7641"/>, two CoAP clients interested in registering a resource observation at a server will yield two distinct observations.</t>
        <t>However, some applications involve multiple clients that are all interested in observing the same resource at the same server. While the original approach remains usable, an alternative and more scalable approach is specified in <xref target="I-D.ietf-core-observe-multicast-notifications"/>.</t>
        <t>This second approach takes advantage of group communication for CoAP and relies on the CoAP server to initiate a group observation at itself, e.g., upon receiving a first traditional observation request from a client. To this end, the server composes a cosmetic phantom observation request and sends it to itself without hitting the wire, in order to start the corresponding group observation.</t>
        <t>When a client sends a traditional observation request targeting that resource, the server replies with an informative error response conveying: i) the phantom observation request associated with the group observation; and ii) transport-specific information that is needed for receiving the notification responses in the group observation. That information includes the CoAP Token value used for the phantom observation request and the multicast address where observe notifications will be sent to. This effectively aligns all the interested clients to the same common knowledge required for participating in the group observation and receiving the multicast notification responses.</t>
        <t>Consequently, when the representation of the observed resource at the server changes, the server sends a single observe notification response over UDP and IP multicast, thus targeting all the clients that are taking part in the group observation. All such observe multicast notifications include the same CoAP Token value used in the phantom observation request. The recipient clients have been instructed on how to receive such observe multicast notifications when obtaining the individual informative error response from the server.</t>
        <t>The observe multicast notifications can be protected end-to-end between the server and the clients, by using Group OSCORE in group mode <xref target="I-D.ietf-core-oscore-groupcomm"/>. Since the server uses Group OSCORE also to protect the phantom observation request that started the group observation, all the observe notifications in the group observation are cryptographically bound to such phantom observation request, and thereby verifiable to pertain to the group observation in question.</t>
      </section>
      <section anchor="sec-building-blocks-cacheable-oscore">
        <name>Cacheable OSCORE</name>
        <t>It is typically possible to rely on a deployed proxy to store in its cache some classes of CoAP responses received from origin servers. That allows the proxy to quicker serve later requests from CoAP clients that produce a cache hit, by replying with the cached response instead of obtaining a new response from the origin server.</t>
        <t>If CoAP messages are protected with OSCORE <xref target="RFC8613"/> or Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>, effective caching of responses is not achievable anymore. That is, even if two clients wish to send the same plain CoAP request, the two resulting protected requests will be different and thus will not result in a cache hit at the proxy. Therefore, separately for each of the two clients, the proxy has to retrieve a new response from the origin server. The same holds also when considering the same client that wishes to send the same plain CoAP request at different points in time.</t>
        <t>In order to overcome this limitation, the approach defined in <xref target="I-D.ietf-core-cacheable-oscore"/> builds on Group OSCORE and restores the effective cacheability of protected responses.</t>
        <t>According to this approach, any client in the OSCORE group can also act as a specific "Deterministic Client" and use the corresponding keying material known to all the group members. When acting as the Deterministic Client, any two clients in the group that protect the same plain CoAP request will produce the same protected "Deterministic Request", which is thereby usable to produce a cache hit at a caching proxy.</t>
        <t>The construct that makes this possible relies on the following design points: i) Deterministic Requests are computed by using a variation of the pairwise mode of Group OSCORE; ii) responses to a Deterministic Request are protected by using the group mode of Group OSCORE.</t>
        <t>This approach restores cacheability of protected responses while sacrificing some security properties of the protected Deterministic Requests, which in fact are replays and have no source authentication. However, this is deemed acceptable and harmless for the particular, narrow scope targeted by this approach, whose applicability is limited to content retrieval through read-only requests that are safe in the REST sense. Servers that want to be even more conservative can additionally limit themselves to accept only Deterministic Requests that target specific resources, or even that match byte-by-byte with Deterministic Requests that are known in advance.</t>
      </section>
    </section>
    <section anchor="sec-arch">
      <name>Architecture</name>
      <t>This section describes the architecture considered in the rest of this document when defining the method for distributing SW updates.</t>
      <figure anchor="fig-architecture">
        <name>Architecture Overview</name>
        <artset>
          <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="768" width="576" viewBox="0 0 576 768" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
              <path d="M 8,48 L 8,144" fill="none" stroke="black"/>
              <path d="M 32,128 L 32,584" fill="none" stroke="black"/>
              <path d="M 104,128 L 104,312" fill="none" stroke="black"/>
              <path d="M 104,328 L 104,440" fill="none" stroke="black"/>
              <path d="M 104,456 L 104,584" fill="none" stroke="black"/>
              <path d="M 136,80 L 136,144" fill="none" stroke="black"/>
              <path d="M 168,448 L 168,512" fill="none" stroke="black"/>
              <path d="M 256,128 L 256,528" fill="none" stroke="black"/>
              <path d="M 328,80 L 328,144" fill="none" stroke="black"/>
              <path d="M 352,128 L 352,584" fill="none" stroke="black"/>
              <path d="M 376,304 L 376,528" fill="none" stroke="black"/>
              <path d="M 392,464 L 392,496" fill="none" stroke="black"/>
              <path d="M 408,256 L 408,456" fill="none" stroke="black"/>
              <path d="M 440,48 L 440,144" fill="none" stroke="black"/>
              <path d="M 448,352 L 448,416" fill="none" stroke="black"/>
              <path d="M 472,176 L 472,344" fill="none" stroke="black"/>
              <path d="M 512,536 L 512,624" fill="none" stroke="black"/>
              <path d="M 512,672 L 512,704" fill="none" stroke="black"/>
              <path d="M 552,352 L 552,416" fill="none" stroke="black"/>
              <path d="M 552,464 L 552,496" fill="none" stroke="black"/>
              <path d="M 568,304 L 568,528" fill="none" stroke="black"/>
              <path d="M 8,48 L 440,48" fill="none" stroke="black"/>
              <path d="M 136,80 L 328,80" fill="none" stroke="black"/>
              <path d="M 8,144 L 24,144" fill="none" stroke="black"/>
              <path d="M 40,144 L 96,144" fill="none" stroke="black"/>
              <path d="M 112,144 L 136,144" fill="none" stroke="black"/>
              <path d="M 328,144 L 344,144" fill="none" stroke="black"/>
              <path d="M 360,144 L 440,144" fill="none" stroke="black"/>
              <path d="M 448,176 L 472,176" fill="none" stroke="black"/>
              <path d="M 264,256 L 280,256" fill="none" stroke="black"/>
              <path d="M 328,256 L 344,256" fill="none" stroke="black"/>
              <path d="M 376,304 L 400,304" fill="none" stroke="black"/>
              <path d="M 416,304 L 464,304" fill="none" stroke="black"/>
              <path d="M 480,304 L 568,304" fill="none" stroke="black"/>
              <path d="M 40,320 L 184,320" fill="none" stroke="black"/>
              <path d="M 232,320 L 248,320" fill="none" stroke="black"/>
              <path d="M 448,352 L 552,352" fill="none" stroke="black"/>
              <path d="M 112,384 L 184,384" fill="none" stroke="black"/>
              <path d="M 232,384 L 248,384" fill="none" stroke="black"/>
              <path d="M 448,416 L 552,416" fill="none" stroke="black"/>
              <path d="M 40,448 L 160,448" fill="none" stroke="black"/>
              <path d="M 176,448 L 184,448" fill="none" stroke="black"/>
              <path d="M 232,448 L 256,448" fill="none" stroke="black"/>
              <path d="M 392,464 L 552,464" fill="none" stroke="black"/>
              <path d="M 392,496 L 552,496" fill="none" stroke="black"/>
              <path d="M 112,512 L 168,512" fill="none" stroke="black"/>
              <path d="M 376,528 L 568,528" fill="none" stroke="black"/>
              <path d="M 512,704 L 520,720" fill="none" stroke="black"/>
              <path d="M 520,672 L 528,688" fill="none" stroke="black"/>
              <path d="M 496,688 L 504,672" fill="none" stroke="black"/>
              <path d="M 504,720 L 512,704" fill="none" stroke="black"/>
              <polygon class="arrowhead" points="520,536 508,530.4 508,541.6" fill="black" transform="rotate(270,512,536)"/>
              <polygon class="arrowhead" points="456,176 444,170.4 444,181.6" fill="black" transform="rotate(180,448,176)"/>
              <polygon class="arrowhead" points="416,256 404,250.4 404,261.6" fill="black" transform="rotate(270,408,256)"/>
              <polygon class="arrowhead" points="352,256 340,250.4 340,261.6" fill="black" transform="rotate(0,344,256)"/>
              <polygon class="arrowhead" points="272,256 260,250.4 260,261.6" fill="black" transform="rotate(180,264,256)"/>
              <polygon class="arrowhead" points="256,384 244,378.4 244,389.6" fill="black" transform="rotate(0,248,384)"/>
              <polygon class="arrowhead" points="256,320 244,314.4 244,325.6" fill="black" transform="rotate(0,248,320)"/>
              <polygon class="arrowhead" points="120,512 108,506.4 108,517.6" fill="black" transform="rotate(180,112,512)"/>
              <polygon class="arrowhead" points="120,384 108,378.4 108,389.6" fill="black" transform="rotate(180,112,384)"/>
              <polygon class="arrowhead" points="48,448 36,442.4 36,453.6" fill="black" transform="rotate(180,40,448)"/>
              <polygon class="arrowhead" points="48,320 36,314.4 36,325.6" fill="black" transform="rotate(180,40,320)"/>
              <circle cx="168" cy="448" r="6" class="opendot" fill="white" stroke="black"/>
              <circle cx="464" cy="368" r="6" class="closeddot" fill="black"/>
              <circle cx="464" cy="384" r="6" class="closeddot" fill="black"/>
              <circle cx="464" cy="400" r="6" class="closeddot" fill="black"/>
              <g class="text">
                <text x="204" y="36">OSCORE</text>
                <text x="256" y="36">group</text>
                <text x="36" y="116">Dev1</text>
                <text x="72" y="116">...</text>
                <text x="108" y="116">DevN</text>
                <text x="256" y="116">Proxy</text>
                <text x="384" y="116">Distributor</text>
                <text x="400" y="180">/manifest</text>
                <text x="412" y="196">(observable)</text>
                <text x="404" y="228">/image/foo</text>
                <text x="304" y="260">(a)</text>
                <text x="208" y="324">(b)</text>
                <text x="524" y="340">Manifest</text>
                <text x="208" y="356">...</text>
                <text x="492" y="372">Size</text>
                <text x="208" y="388">(b)</text>
                <text x="508" y="388">Location</text>
                <text x="488" y="404">...</text>
                <text x="208" y="452">(c)</text>
                <text x="536" y="452">Image</text>
                <text x="136" y="484">...</text>
                <text x="440" y="484">0x01ab...</text>
                <text x="16" y="564">...</text>
                <text x="68" y="564">........</text>
                <text x="228" y="564">..............................</text>
                <text x="368" y="564">...</text>
                <text x="8" y="580">:</text>
                <text x="376" y="580">:</text>
                <text x="192" y="596">:.............................................:</text>
                <text x="84" y="612">End-to-end</text>
                <text x="164" y="612">security</text>
                <text x="220" y="612">with</text>
                <text x="264" y="612">Group</text>
                <text x="316" y="612">OSCORE</text>
                <text x="16" y="660">(a)</text>
                <text x="52" y="660">CoAP</text>
                <text x="92" y="660">over</text>
                <text x="132" y="660">TCP,</text>
                <text x="176" y="660">using</text>
                <text x="220" y="660">BERT</text>
                <text x="252" y="660">to</text>
                <text x="300" y="660">transfer</text>
                <text x="512" y="660">O</text>
                <text x="56" y="676">large</text>
                <text x="104" y="676">inner</text>
                <text x="156" y="676">chunks</text>
                <text x="196" y="676">of</text>
                <text x="224" y="676">the</text>
                <text x="264" y="676">image</text>
                <text x="16" y="708">(b)</text>
                <text x="52" y="708">CoAP</text>
                <text x="92" y="708">over</text>
                <text x="128" y="708">UDP</text>
                <text x="16" y="740">(c)</text>
                <text x="52" y="740">CoAP</text>
                <text x="92" y="740">over</text>
                <text x="128" y="740">UDP</text>
                <text x="160" y="740">and</text>
                <text x="188" y="740">IP</text>
                <text x="244" y="740">multicast,</text>
                <text x="312" y="740">using</text>
                <text x="380" y="740">Block-wise</text>
                <text x="44" y="756">to</text>
                <text x="92" y="756">transfer</text>
                <text x="152" y="756">small</text>
                <text x="200" y="756">outer</text>
                <text x="252" y="756">chunks</text>
                <text x="292" y="756">of</text>
                <text x="320" y="756">the</text>
                <text x="360" y="756">image</text>
                <text x="516" y="756">Author</text>
              </g>
            </svg>
          </artwork>
          <artwork type="ascii-art" align="center"><![CDATA[
                      OSCORE group
+-----------------------------------------------------+
|                                                     |
|               +-----------------------+             |
|               |                       |             |
| Dev1 ... DevN |            Proxy      | Distributor |
|  |        |   |              |        |  |          |
+--|--------|---+              |        +--|----------+
   |        |                  |           |
   |        |                  |           | /manifest <--+
   |        |                  |           | (observable) |
   |        |                  |           |              |
   |        |                  |           | /image/foo   |
   |        |                  |           |              |
   |        |                  |<-- (a) -->|      ^       |
   |        |                  |           |      |       |
   |        |                  |           |      |       |
   |        |                  |           |  +---|-------|-----------+
   |<------------------ (b) -->|           |  |   |       |           |
   |        |                  |           |  |   |       |  Manifest |
   |        |           ...    |           |  |   |    +------------+ |
   |        |                  |           |  |   |    | * Size     | |
   |        |<--------- (b) -->|           |  |   |    | * Location | |
   |        |                  |           |  |   |    | * ...      | |
   |        |                  |           |  |   |    +------------+ |
   |        |                  |           |  |   |                   |
   |<---------------o-- (c) ---+           |  |   |             Image |
   |        |       |          |           |  | +-------------------+ |
   |        |  ...  |          |           |  | | 0x01ab...         | |
   |        |       |          |           |  | +-------------------+ |
   |        |<------+          |           |  |                       |
   |        |                  |           |  +-----------------------+
   |        |                              |                   ^
...............................................                |
:  |        |                              |  :                |
:.............................................:                |
     End-to-end security with Group OSCORE                     |
                                                               |

(a) CoAP over TCP, using BERT to transfer                      O
    large inner chunks of the image                           .+.
                                                             / | \
(b) CoAP over UDP                                              +
                                                              / \
(c) CoAP over UDP and IP multicast, using Block-wise
    to transfer small outer chunks of the image              Author
]]></artwork>
        </artset>
      </figure>
      <t>As shown in <xref target="fig-architecture"/>, the architecture consists of the following actors:</t>
      <ul spacing="normal">
        <li>
          <t>The Author is responsible for building and issuing the new version of the image, together with the corresponding manifest.  </t>
          <t>
The manifest <bcp14>MUST</bcp14> be signed by the author and <bcp14>MUST</bcp14> include at least the following information:  </t>
          <ul spacing="normal">
            <li>
              <t>The total size of the image.</t>
            </li>
            <li>
              <t>A location URI, i.e., the URI of the image resource at the Distributor from where it is possible to retrieve the image.</t>
            </li>
            <li>
              <t>The Author's digital signature computed over (a digest of) the image.</t>
            </li>
          </ul>
          <t>
A possible manifest format that can be used is specified in <xref target="RFC9124"/>, with its corresponding CBOR-based serialization format specified in <xref target="I-D.ietf-suit-manifest"/>.</t>
        </li>
        <li>
          <t>The Distributor acts as a CoAP server, hosts the manifest and the image issued by the Author, and distributes those to the target Devices via the Proxy, as described in <xref target="sec-process"/>.  </t>
          <t>
At the Distributor, the following applies separately for each SW component X that can be updated.  </t>
          <ul spacing="normal">
            <li>
              <t>The Distributor hosts one observable manifest resource. At any point in time, the representation of the manifest resource is the latest manifest issued for X.</t>
            </li>
            <li>
              <t>For each different image released for X, the Distributor hosts one different image resource, whose representation is that image of X.      </t>
              <t>
More generally, the Distributor stores any two released images of any SW component as representations of two different image resources, hence identified by different URIs. For example, the URIs can differ as to their path components or query components.      </t>
              <t>
With reference to the manifest available as current representation of the manifest resource for X, the location URI specified within that manifest identifies the image resource whose representation is the image of X that has been released latest and is associated with that manifest.      </t>
              <t>
For simplicity of presentation, <xref target="fig-architecture"/> refers to a Distributor that is responsible for a single SW component, whose latest manifest is stored as the representation of the manifest resource at /manifest. Within that manifest, the location URI for the image associated with the manifest identifies the resource at /image/foo, whose representation is the latest released image in question.      </t>
              <t>
The criteria for retaining and eventually deleting image resources for old images are to be defined by application policies.</t>
            </li>
          </ul>
        </li>
        <li>
          <t>The Proxy is responsible for retrieving the manifest and the image from the Distributor and for practically sending those to the target Devices, as described in <xref target="sec-process"/>.  </t>
          <t>
The Proxy communicates with the Distributor using CoAP over TCP <xref target="RFC8323"/>. In particular, the Proxy retrieves the image from the Distributor by using BERT <xref target="RFC8323"/>. Each of such BERT responses from the Distributor includes exactly one block and conveys an "inner chunk" of the image.  </t>
          <t>
The Proxy communicates with the target Devices using CoAP over UDP. Specifically when providing the Devices with the image, the Proxy sends CoAP responses over UDP and IP multicast, as described in <xref target="sec-distribution"/>. Each of such responses uses Block-wise transfer for CoAP <xref target="RFC7959"/> and conveys an "outer chunk" of the currently transferred inner chunk of the image.</t>
        </li>
        <li>
          <t>The Devices obtain SW updates of interest from the Distributor, by directly interacting with the Proxy, as described in <xref target="sec-process"/>.  </t>
          <t>
At a high-level, a Device first learns about the availability of a new image for a SW component of interest, by receiving the corresponding manifest in an Observe notification response pertaining to the manifest resource at the Distributor.  </t>
          <t>
After that, each interested Device independently enrolls in a distribution process driven by the Proxy. During that process, the Device receives the image as a set of inner chunks that the Distributor provides to the Proxy.  </t>
          <t>
In particular, the Proxy provides the Devices with the inner chunks by further splitting each of those into smaller outer chunks, which constitute the actual unit of distribution. Each outer chunk is conveyed by a Block-wise response sent by the Proxy to all the enrolled target Devices over UDP and IP multicast.  </t>
          <t>
Once received all the inner chunks, the Devices rebuild the actual image and perform further checks against the corresponding manifest before consuming the image.</t>
        </li>
      </ul>
      <t>Secure communication is ensured end-to-end between the Distributor and the Devices. To this end, the Distributor and the Devices have to be members of the same OSCORE group, and therefore able to protect their exchanged messages using the security protocol Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>. In particular, the following applies:</t>
      <ul spacing="normal">
        <li>
          <t>Every response originated by the Distributor is protected by using the group mode of Group OSCORE (see <xref section="7" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>).</t>
        </li>
        <li>
          <t>Every request originated by the Devices and targeting a resource at the Distributor are Deterministic Requests protected with Group OSCORE, according to the construct defined in <xref target="I-D.ietf-core-cacheable-oscore"/>.</t>
        </li>
      </ul>
      <t>The process of joining the OSCORE group is driven by a responsible Group Manager. For example, it can rely on the realization of Group Manager specified in <xref target="I-D.ietf-ace-key-groupcomm-oscore"/>, where the join process is based on the ACE framework for authentication and authorization in constrained environments <xref target="RFC9200"/>.</t>
      <t>The method defined in this document is agnostic of such a join process and related provisioning of keying material for Group OSCORE. At the same time, it does benefit from the Group Manager entity taking care of the provisioning of keying material. In particular, the Distributor does not need to know the exact Devices that are members of the OSCORE group, or any keying material or authentication credential related to those. This allows the Distributor to seamlessly distribute SW updates over time, without needing to be aware of possible membership changes within the OSCORE group.</t>
      <t>As ultimately in charge with the membership of the OSCORE Group, the responsible Group Manager has to appropriately admit/refuse new members and evict current members as needed, thus ensuring that only Devices that are supposed to obtain a SW update can effectively do so.</t>
    </section>
    <section anchor="sec-process">
      <name>Distribution Process</name>
      <t>This section describes the distribution process in detail, building on the architecture presented in <xref target="sec-arch"/>. After an overview of its design goals in <xref target="sec-design-goals"/>, the process is presented as composed of two main parts.</t>
      <t>The first part is described in <xref target="sec-release-notif"/> and concerns the advertisement of a newly available SW update, by providing target Devices with the corresponding manifest through Observe notification responses.</t>
      <t>The second part is described in <xref target="sec-distribution"/> and concerns the actual distribution of the image to the target Devices. This is based on the Distributor providing large inner chunks of the image to the Proxy, which further splits each of those into smaller outer chunks that are sent to the target Devices.</t>
      <t>For simplicity of presentation, but with no loss of generality, the following considers a Distributor as responsible for a single SW component and only two Devices as target of updates for that SW component.</t>
      <section anchor="sec-design-goals">
        <name>Design Goals</name>
        <t>The distribution method builds on the following design goals.</t>
        <ul spacing="normal">
          <li>
            <t>Ensure end-to-end secure communication between the Devices and the Distributor.  </t>
            <t>
This goal is addressed by using Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/> to protect the messages exchanged by the Devices and the Distributor through the Proxy.  </t>
            <t>
The use of Group OSCORE is facilitated by a Group Manager that provides the necessary parameters and keying material to the intended group members, which is therefore not a concern for the Distributor.</t>
          </li>
          <li>
            <t>Limit interactions and exchanges with the Distributor.  </t>
            <t>
This goal is achieved by means of the Proxy deployed between the Devices and the Distributor and specifically relying on:  </t>
            <ul spacing="normal">
              <li>
                <t>Large-size inner chunks that the Distributor provides to the Proxy, by using BERT <xref target="RFC8323"/>.</t>
              </li>
              <li>
                <t>Cacheable protected responses that are cached at the Proxy as per the construct defined in <xref target="I-D.ietf-core-cacheable-oscore"/>, thereby sparing the retrieval of a cached inner chunk from the Distributor.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Limit interactions and exchanges with the Devices.  </t>
            <t>
This goal is achieved by means of the Proxy deployed between the Devices and the Distributor and specifically relying on:  </t>
            <ul spacing="normal">
              <li>
                <t>Cacheable protected responses that are cached at the Proxy as per the construct defined in <xref target="I-D.ietf-core-cacheable-oscore"/>, thereby enabling the Proxy to quicker serve Devices' requests from its cache.</t>
              </li>
              <li>
                <t>Responses sent by the Proxy to the Devices over UDP and IP multicast, building on concepts defined for observe multicast notifications in <xref target="I-D.ietf-core-observe-multicast-notifications"/>.</t>
              </li>
              <li>
                <t>Transferring outer chunks from the Proxy to the Devices in an uninterrupted, back-to-back fashion, thus avoiding the downsides of a synchronous, lock-step process based on the original Block-wise transfer <xref target="RFC7959"/>.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>Accommodate Devices over constrained network links.  </t>
            <t>
This goal is achieved by means of the Proxy using small outer chunks (e.g., 64 bytes each in size) as the actual unit of distribution, when providing a SW update to the Devices.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-release-notif">
        <name>Release and Notification of SW Update</name>
        <t>This part of the process is devoted to inform the Devices about a newly released SW update as available at the Distributor.</t>
        <t>A Device interested in obtaining SW updates for that SW component has to know the URI of the corresponding manifest resource at the Distributor and be able to access that resource through the Proxy.</t>
        <t>In order to be informed of a newly available SW update, the Device performs the following actions.</t>
        <ol spacing="normal" type="1"><li>
            <t>The Device composes an observation request <xref target="RFC7641"/> targeting the manifest resource at the Distributor.</t>
          </li>
          <li>
            <t>The Device protects the observation request from Step 1 with Group OSCORE, specifically using the construct defined in <xref target="I-D.ietf-core-cacheable-oscore"/> and therefore producing a Deterministic Request.</t>
          </li>
          <li>
            <t>The Device sends the Deterministic Request from Step 2 to the Proxy.  </t>
            <t>
If the Deterministic Request does not produce a cache hit at the Proxy (e.g., as the first of this kind sent by any Device), the Proxy forwards the Deterministic Request to the Distributor, thereby registering itself as the actual observer at the Distributor. The Proxy caches the corresponding successful response from the Distributor and forwards it back to the Device.  </t>
            <t>
Otherwise, the Proxy does not interact with the Distributor, but instead promptly replies to the Device, by using the response stored in the identified cache entry.</t>
          </li>
          <li>
            <t>Upon receiving a first successful notification response, the Device obtains the latest manifest and is subscribed for automatically receiving future manifests released for the same SW component.</t>
          </li>
        </ol>
        <t>When releasing a new SW update, the Author uploads the corresponding manifest and image on the Distributor. As discussed in <xref target="sec-arch"/>, those become available at the manifest resource and at a new, dedicated image resource hosted by the Distributor, respectively. After that, the Distributor sends a notification response to the observer Proxy, conveying the newly released manifest.</t>
        <t>The Proxy stores the notification response in the cache entry that it uses to store responses for that observation, by overwriting the current content of the entry. Finally, the Proxy forwards that notification response to the observer Devices. Upon receiving the notification response, the observer Devices obtain the new manifest, thus becoming aware of the new SW update and of the corresponding image resource at the Distributor.</t>
        <t>In setups where multiple Proxies are deployed and each assists a different set of Devices, the Distributor can use as a possible optimization the approach defined in <xref target="I-D.ietf-core-observe-multicast-notifications"/>, whose use in network setups that leverage proxies is described in <xref target="I-D.ietf-core-multicast-notifications-proxy"/>. Consequently, following the release of a new SW update, the Distributor sends a single observe notification response over UDP and IP multicast, thereby providing all the observer Proxies at once with the latest manifest corresponding to the newly released SW update.</t>
        <t><xref target="fig-example-notification"/> shows an example of message exchange where the two Devices obtain the latest manifest from the Distributor through the Proxy.</t>
        <figure anchor="fig-example-notification">
          <name>Example of Notification of SW Update</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="768" width="568" viewBox="0 0 568 768" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,48 L 8,752" fill="none" stroke="black"/>
                <path d="M 192,48 L 192,136" fill="none" stroke="black"/>
                <path d="M 192,152 L 192,424" fill="none" stroke="black"/>
                <path d="M 192,440 L 192,752" fill="none" stroke="black"/>
                <path d="M 376,48 L 376,272" fill="none" stroke="black"/>
                <path d="M 376,336 L 376,576" fill="none" stroke="black"/>
                <path d="M 376,640 L 376,752" fill="none" stroke="black"/>
                <path d="M 560,48 L 560,752" fill="none" stroke="black"/>
                <path d="M 8,144 L 552,144" fill="none" stroke="black"/>
                <path d="M 384,256 L 560,256" fill="none" stroke="black"/>
                <path d="M 16,432 L 376,432" fill="none" stroke="black"/>
                <path d="M 192,560 L 368,560" fill="none" stroke="black"/>
                <path d="M 200,736 L 376,736" fill="none" stroke="black"/>
                <polygon class="arrowhead" points="560,144 548,138.4 548,149.6" fill="black" transform="rotate(0,552,144)"/>
                <polygon class="arrowhead" points="392,256 380,250.4 380,261.6" fill="black" transform="rotate(180,384,256)"/>
                <polygon class="arrowhead" points="376,560 364,554.4 364,565.6" fill="black" transform="rotate(0,368,560)"/>
                <polygon class="arrowhead" points="376,144 364,138.4 364,149.6" fill="black" transform="rotate(0,368,144)"/>
                <polygon class="arrowhead" points="208,736 196,730.4 196,741.6" fill="black" transform="rotate(180,200,736)"/>
                <polygon class="arrowhead" points="24,432 12,426.4 12,437.6" fill="black" transform="rotate(180,16,432)"/>
                <g class="text">
                  <text x="20" y="36">Dev1</text>
                  <text x="196" y="36">Dev2</text>
                  <text x="376" y="36">Proxy</text>
                  <text x="520" y="36">Distributor</text>
                  <text x="56" y="68">Protected</text>
                  <text x="116" y="68">Det.</text>
                  <text x="156" y="68">Req.</text>
                  <text x="424" y="68">Protected</text>
                  <text x="484" y="68">Det.</text>
                  <text x="524" y="68">Req.</text>
                  <text x="40" y="84">FETCH</text>
                  <text x="408" y="84">FETCH</text>
                  <text x="44" y="100">Token:</text>
                  <text x="100" y="100">0xaabb</text>
                  <text x="412" y="100">Token:</text>
                  <text x="468" y="100">0xabcd</text>
                  <text x="52" y="116">Observe:</text>
                  <text x="96" y="116">0</text>
                  <text x="420" y="116">Observe:</text>
                  <text x="464" y="116">0</text>
                  <text x="40" y="132">[Enc:</text>
                  <text x="80" y="132">GET</text>
                  <text x="140" y="132">/manifest]</text>
                  <text x="408" y="132">[Enc:</text>
                  <text x="448" y="132">GET</text>
                  <text x="508" y="132">/manifest]</text>
                  <text x="424" y="180">Protected</text>
                  <text x="488" y="180">Resp.</text>
                  <text x="404" y="196">2.05</text>
                  <text x="412" y="212">Token:</text>
                  <text x="468" y="212">0xabcd</text>
                  <text x="420" y="228">Observe:</text>
                  <text x="468" y="228">42</text>
                  <text x="408" y="244">[Enc:</text>
                  <text x="440" y="244">{</text>
                  <text x="484" y="244">Manifest</text>
                  <text x="532" y="244">}]</text>
                  <text x="380" y="292">Response</text>
                  <text x="372" y="308">stored</text>
                  <text x="412" y="308">in</text>
                  <text x="360" y="324">the</text>
                  <text x="400" y="324">cache</text>
                  <text x="56" y="356">Protected</text>
                  <text x="120" y="356">Resp.</text>
                  <text x="36" y="372">2.05</text>
                  <text x="44" y="388">Token:</text>
                  <text x="100" y="388">0xaabb</text>
                  <text x="52" y="404">Observe:</text>
                  <text x="100" y="404">42</text>
                  <text x="40" y="420">[Enc:</text>
                  <text x="72" y="420">{</text>
                  <text x="116" y="420">Manifest</text>
                  <text x="164" y="420">}]</text>
                  <text x="240" y="484">Protected</text>
                  <text x="300" y="484">Det.</text>
                  <text x="340" y="484">Req.</text>
                  <text x="224" y="500">FETCH</text>
                  <text x="228" y="516">Token:</text>
                  <text x="284" y="516">0xccdd</text>
                  <text x="236" y="532">Observe:</text>
                  <text x="280" y="532">0</text>
                  <text x="224" y="548">[Enc:</text>
                  <text x="264" y="548">GET</text>
                  <text x="324" y="548">/manifest]</text>
                  <text x="380" y="596">Response</text>
                  <text x="368" y="612">found</text>
                  <text x="404" y="612">in</text>
                  <text x="360" y="628">the</text>
                  <text x="400" y="628">cache</text>
                  <text x="240" y="660">Protected</text>
                  <text x="304" y="660">Resp.</text>
                  <text x="220" y="676">2.05</text>
                  <text x="228" y="692">Token:</text>
                  <text x="284" y="692">0xccdd</text>
                  <text x="236" y="708">Observe:</text>
                  <text x="284" y="708">42</text>
                  <text x="224" y="724">[Enc:</text>
                  <text x="256" y="724">{</text>
                  <text x="300" y="724">Manifest</text>
                  <text x="348" y="724">}]</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
Dev1                  Dev2                  Proxy          Distributor
|                      |                      |                      |
| Protected Det. Req.  |                      | Protected Det. Req.  |
| FETCH                |                      | FETCH                |
| Token: 0xaabb        |                      | Token: 0xabcd        |
| Observe: 0           |                      | Observe: 0           |
| [Enc: GET /manifest] |                      | [Enc: GET /manifest] |
+-------------------------------------------->+--------------------->|
|                      |                      |                      |
|                      |                      | Protected Resp.      |
|                      |                      | 2.05                 |
|                      |                      | Token: 0xabcd        |
|                      |                      | Observe: 42          |
|                      |                      | [Enc: { Manifest }]  |
|                      |                      |<---------------------+
|                      |                      |                      |
|                      |                   Response                  |
|                      |                   stored in                 |
|                      |                   the cache                 |
|                      |                      |                      |
| Protected Resp.      |                      |                      |
| 2.05                 |                      |                      |
| Token: 0xaabb        |                      |                      |
| Observe: 42          |                      |                      |
| [Enc: { Manifest }]  |                      |                      |
|<--------------------------------------------+                      |
|                      |                      |                      |
|                      |                      |                      |
|                      | Protected Det. Req.  |                      |
|                      | FETCH                |                      |
|                      | Token: 0xccdd        |                      |
|                      | Observe: 0           |                      |
|                      | [Enc: GET /manifest] |                      |
|                      +--------------------->|                      |
|                      |                      |                      |
|                      |                   Response                  |
|                      |                   found in                  |
|                      |                   the cache                 |
|                      |                      |                      |
|                      | Protected Resp.      |                      |
|                      | 2.05                 |                      |
|                      | Token: 0xccdd        |                      |
|                      | Observe: 42          |                      |
|                      | [Enc: { Manifest }]  |                      |
|                      |<---------------------+                      |
|                      |                      |                      |
]]></artwork>
          </artset>
        </figure>
      </section>
      <section anchor="sec-distribution">
        <name>Distribution of SW Update</name>
        <t>The distribution of an image to target Devices is driven by the Proxy and organized into epochs, each of which is in turn composed of different phases, as shown in <xref target="fig-epoch-overview"/>.</t>
        <t>Each epoch is devoted to transferring exactly one inner chunk of the image, by providing the target Devices with all the corresponding outer chunks.</t>
        <t>After completing the epoch during which the last inner chunk of the image has been transferred, the next epoch is devoted to transfer again the first inner chunk of the image, i.e., the transfer of the whole image is repeated.</t>
        <figure anchor="fig-epoch-overview">
          <name>Overview of a Transfer Epoch and its Phases</name>
          <artset>
            <artwork type="svg" align="center"><svg xmlns="http://www.w3.org/2000/svg" version="1.1" height="192" width="552" viewBox="0 0 552 192" class="diagram" text-anchor="middle" font-family="monospace" font-size="13px" stroke-linecap="round">
                <path d="M 8,64 L 8,176" fill="none" stroke="black"/>
                <path d="M 16,64 L 16,176" fill="none" stroke="black"/>
                <path d="M 112,128 L 112,176" fill="none" stroke="black"/>
                <path d="M 200,64 L 200,176" fill="none" stroke="black"/>
                <path d="M 288,128 L 288,176" fill="none" stroke="black"/>
                <path d="M 376,64 L 376,176" fill="none" stroke="black"/>
                <path d="M 464,128 L 464,176" fill="none" stroke="black"/>
                <path d="M 472,128 L 472,176" fill="none" stroke="black"/>
                <path d="M 504,64 L 504,176" fill="none" stroke="black"/>
                <path d="M 512,64 L 512,176" fill="none" stroke="black"/>
                <g class="text">
                  <text x="24" y="36">Epoch</text>
                  <text x="456" y="36">Epoch</text>
                  <text x="520" y="36">Epoch</text>
                  <text x="24" y="52">start</text>
                  <text x="464" y="52">end</text>
                  <text x="520" y="52">start</text>
                  <text x="112" y="68">|</text>
                  <text x="288" y="68">|</text>
                  <text x="468" y="68">||</text>
                  <text x="112" y="100">t_A</text>
                  <text x="288" y="100">t_B</text>
                  <text x="464" y="100">t_C</text>
                  <text x="536" y="100">...</text>
                  <text x="64" y="148">Admission</text>
                  <text x="140" y="148">Full</text>
                  <text x="244" y="148">Recovery</text>
                  <text x="332" y="148">Recovery</text>
                  <text x="420" y="148">Epilogue</text>
                  <text x="536" y="148">...</text>
                  <text x="156" y="164">Transfer</text>
                  <text x="232" y="164">Claim</text>
                  <text x="332" y="164">Transfer</text>
                </g>
              </svg>
            </artwork>
            <artwork type="ascii-art" align="center"><![CDATA[
Epoch                                                 Epoch   Epoch
start                                                   end   start
||           |          |          |          |          ||   ||
||                      |                     |               ||
||          t_A         |         t_B         |         t_C   || ...
||                      |                     |               ||
||           |          |          |          |          ||   ||
|| Admission | Full     | Recovery | Recovery | Epilogue ||   || ...
||           | Transfer | Claim    | Transfer |          ||   ||
||           |          |          |          |          ||   ||
]]></artwork>
          </artset>
        </figure>
        <t>The following describes in detail the operations performed by a Device and by the Proxy during the transfer of an image.</t>
        <section anchor="sec-distribution-device">
          <name>Device Operations</name>
          <t>Following the reception of a manifest as described in <xref target="sec-release-notif"/>, a Device can ask the Proxy to distribute the next inner chunk of the image.</t>
          <t>To this end, the Device sends to the Proxy a protected Deterministic Request as defined in <xref target="I-D.ietf-core-cacheable-oscore"/>. The Deterministic Request is computed by using the Group OSCORE Security Context shared between the Device and the Distributor. The original unprotected CoAP request is such that:</t>
          <ul spacing="normal">
            <li>
              <t>The request method is GET.</t>
            </li>
            <li>
              <t>The target is the image resource at the Distributor.</t>
            </li>
          </ul>
          <t>Once produced the protected Deterministic Request, the Device includes the Block2 Option as an outer option intended for the Proxy. Its value specifies NUM = 0, M = 0, and SZX = 2 (i.e., a block size of 64 bytes).</t>
          <t>When sending such a request, the Device might not know what the current phase of the current epoch is at the Proxy, or what inner chunk is meant to be transferred in the current epoch. As defined in <xref target="sec-distribution-proxy"/>, the Proxy guides the Devices about the next actions to take, by providing information on the current status of the image transfer. From a high-level point of view, the following applies to each epoch:</t>
          <ul spacing="normal">
            <li>
              <t>A Device can enroll in the reception of the inner chunk for the current epoch, by sending its Deterministic Request during the "Admission" phase. Consequently, the Device obtains instructions for receiving that inner chunk, which the Proxy distributes as split into corresponding outer chunks during the immediately following "Full Transfer" phase.</t>
            </li>
            <li>
              <t>A Device can ask the Proxy to re-send an outer chunk that was not correctly received (e.g., it was lost in transmission or got corrupted), by sending the Deterministic Request during the "Recovery Claim" phase and indicating the required outer chunk by means of the NUM field of the outer Block2 Option. Consequently, the Device obtains instructions for receiving the re-sent outer chunk, which the Proxy distributes during the immediately following "Recovery Transfer" phase.</t>
            </li>
            <li>
              <t>If a Device has not enrolled during the "Admission" phase but attempts to enroll on-the-fly later on during the epoch, that Device will be instructed to enroll again at the next epoch.</t>
            </li>
          </ul>
          <t>A Device completes the retrieval of an inner chunk once it has received all the corresponding outer chunks from the Proxy, rebuilt the inner chunk from those, and successfully verified and decrypted the rebuilt CoAP response protected with Group OSCORE and conveying the inner chunk.</t>
          <t>A Device completes the retrieval of the whole image once it has received all the corresponding inner chunks from the Proxy. The Device is able to simply verify whether that holds, by checking the cumulated size of the obtained inner chunks against the total size of the image that is specified within the manifest.</t>
          <t>If needed, the Device is also able to correctly reorder the obtained inner chunks. To this end, the Device relies on the indication provided during each epoch by the Proxy through the "progress_indicator" parameter, which is included in responses sent by the Proxy during the "Admission" and "Recovery Claim" phases. As detailed in <xref target="sec-distribution-proxy"/>, the parameter indicates the index of the inner chunk transferred in the current epoch.</t>
        </section>
        <section anchor="sec-distribution-proxy">
          <name>Proxy Operations</name>
          <t>The following describes the operations performed by the Proxy.</t>
          <section anchor="sec-distribution-proxy-kick-off">
            <name>Kick-Off</name>
            <t>If the Proxy receives a Deterministic Request that targets the Distributor, includes an outer Block2 Option with value (NUM = 0, M = 0, SZX = 2), and does not produce a cache hit for a cache entry associated with an epoch, then the Proxy performs the following steps.</t>
            <t>For the considered Deterministic Requests, this occurs only if the Proxy has not distributed any inner chunk of the image yet, i.e., it has not retrieved any inner chunk of the image from the Distributor.</t>
            <ol spacing="normal" type="1"><li>
                <t>In the Deterministic Request, replace the value of the Block2 Option so that NUM = 0, M = 0, and SZX = 7 (i.e., BERT is used).</t>
              </li>
              <li>
                <t>Forward the Deterministic Request to the Distributor over TCP.</t>
              </li>
              <li>
                <t>Once received a corresponding successful 2.05 (Content) response from the Distributor, create a cache entry ENTRY and store the response in ENTRY as the inner chunk to transfer in the first epoch.  </t>
                <t>
Note that the value of the Block2 Option in the response specifies NUM = 0 and SZX = 7 (i.e., BERT is used).  </t>
                <t>
Before storing the response in ENTRY, the Proxy <bcp14>MUST</bcp14> remove from the response the Pre-OSCORE-Data Option and the associated CBOR data item prepended to the OSCORE ciphertext in the CoAP payload, which were added by the Distributor (see <xref target="sec-checksum-keys-provisioning"/>).</t>
              </li>
              <li>
                <t>Start an epoch with "Admission" as its current phase and associate it with ENTRY.</t>
              </li>
              <li>
                <t>Initialize an unsigned integer INNER_INDEX to 0 and associate it with ENTRY.</t>
              </li>
              <li>
                <t>Determine the time t_A when the immediately following "Full Transfer" phase will start. Start a timer with expiration set at t_A.</t>
              </li>
              <li>
                <t>The Proxy performs Step 2 in <xref target="sec-distribution-proxy-admission"/>, thus enrolling the Device that has sent the Deterministic Request in the upcoming transfer scheduled for the immediately following "Full Transfer" phase.</t>
              </li>
            </ol>
          </section>
          <section anchor="sec-distribution-proxy-admission">
            <name>"Admission" Phase</name>
            <t>If the Proxy receives a Deterministic Request that targets the Distributor and produces a cache hit for the cache entry ENTRY associated with an epoch with current phase "Admission", then the Proxy performs the following steps.</t>
            <ol spacing="normal" type="1"><li>
                <t>Determine whether ENTRY is storing the inner chunk to transfer in the current epoch, i.e., whether the value of the Block2 Option in the cached response within ENTRY specifies NUM = INNER_INDEX.  </t>
                <t>
In such case, move to Step 2. Otherwise, perform the following steps.  </t>
                <ul spacing="normal">
                  <li>
                    <t>In the Deterministic Request, replace the value of the Block2 Option so that NUM = INNER_INDEX, M = 0, and SZX = 7 (i.e., BERT is used).</t>
                  </li>
                  <li>
                    <t>Forward the Deterministic Request to the Distributor over TCP.</t>
                  </li>
                  <li>
                    <t>Once received a corresponding successful 2.05 (Content) response from the Distributor, store the response in ENTRY as the inner chunk to transfer in the current epoch, by overwriting the current content of ENTRY.      </t>
                    <t>
Note that the value of the Block2 Option in the response specifies NUM = INNER_INDEX and SZX = 7 (i.e., BERT is used).      </t>
                    <t>
Before storing the response in ENTRY, the Proxy <bcp14>MUST</bcp14> remove from the response the Pre-OSCORE-Data Option and the associated CBOR data item prepended to the OSCORE ciphertext in the CoAP payload, which were added by the Distributor (see <xref target="sec-checksum-keys-provisioning"/>).</t>
                  </li>
                  <li>
                    <t>Determine the time t_A when the immediately following "Full Transfer" phase will start. Start a timer with expiration set at t_A.</t>
                  </li>
                  <li>
                    <t>Move to Step 2.</t>
                  </li>
                </ul>
              </li>
              <li>
                <t>Reply by sending a "Hold-on Response", i.e., a 5.03 (Service Unavailable) error response.  </t>
                <t>
This is specifically an informative response defined in <xref section="4.2" sectionFormat="of" target="I-D.ietf-core-observe-multicast-notifications"/>, with Content-Format set to "application/informative-response+cbor" (see <xref section="14.2" sectionFormat="of" target="I-D.ietf-core-observe-multicast-notifications"/>).  </t>
                <t>
The payload of this informative response is a CBOR map that <bcp14>MUST</bcp14> include the following parameters.  </t>
                <ul spacing="normal">
                  <li>
                    <t>"tp_info", which is defined in <xref target="I-D.ietf-core-observe-multicast-notifications"/>. This parameter specifies the transport-specific information required to correctly receive CoAP responses over UDP and IP multicast, during the immediately following "Full Transfer" phase in the current epoch. Each of those responses will convey one outer chunk of the inner chunk distributed in the current epoch.      </t>
                    <t>
Per <xref section="4.2.1" sectionFormat="of" target="I-D.ietf-core-observe-multicast-notifications"/>, the "tp_info" parameter specifies addressing information as Constrained Resource Identifiers (CRIs) <xref target="I-D.ietf-core-href"/>.      </t>
                    <t>
Consistent with <xref section="4.2.1.1" sectionFormat="of" target="I-D.ietf-core-observe-multicast-notifications"/>, the Token value to be used in the current epoch for the multicast responses is specified by the "tpi_token" parameter, within the "tpi_details" element of "tp_info".      </t>
                    <t>
The Token value is selected by the Proxy, as an available value from a Token space under exclusive control of the Proxy and corresponding to a CoAP endpoint used for messages that have:      </t>
                    <ul spacing="normal">
                      <li>
                        <t>As source address and port number, the IP multicast address and port number where the Proxy sends the multicast responses in the current epoch.</t>
                      </li>
                      <li>
                        <t>As destination address and port number, the Proxy address and port number from where the Proxy sends the multicast responses in the current epoch, i.e., from where the Proxy sends the present error response.</t>
                      </li>
                    </ul>
                    <t>
Within a given Token space, the Token value used in an epoch <bcp14>MUST NOT</bcp14> be reused in any other epoch of the current transfer of the image or before the two following transfers of the same image have been completed.</t>
                  </li>
                  <li>
                    <t>"next_not_before", which is defined in <xref target="I-D.ietf-core-observe-multicast-notifications"/>. This parameter specifies the amount of seconds that will minimally elapse before the "Full Transfer" phase of the current epoch starts. Such a value <bcp14>MUST NOT</bcp14> result in indicating that the "Full Transfer" phase starts before t_A.</t>
                  </li>
                  <li>
                    <t>"progress_indicator", with value a numeric indication of progress, encoded as a CBOR unsigned integer. This parameter is defined in this document and registered in <xref target="iana-informative-response-parameters"/>.      </t>
                    <t>
This parameter enables clients to unambiguously interpret, reorder, and process the content that will be sent per the information specified in the "tp_info" parameter, e.g., if that content is split into parts identifiable by an index value.      </t>
                    <t>
When used in this document, the "progress_indicator" parameter <bcp14>MUST</bcp14> encode the current value of INNER_INDEX, thereby identifying the inner chunk that is transferred in the current epoch.</t>
                  </li>
                </ul>
                <t>
A Device receiving the "Hold-on Response" can set itself up for receiving the inner chunk during the immediately following "Full Transfer" phase of the current epoch. In particular, the Device becomes aware that the "Full Transfer" phase is scheduled to start not before the amount of seconds indicated by the "next_not_before" parameter, that the inner chunk to be transferred is the one with index INNER_INDEX indicated by the "progress_indicator" parameter, and that the responses conveying the corresponding outer chunks will be sent per the information specified in the "tp_info" parameter.</t>
              </li>
            </ol>
            <t>This phase finishes when the time t_A is reached and the related timer expires. After that, the epoch moves to the "Full Transfer" phase (see <xref target="sec-distribution-proxy-full-transfer"/>).</t>
          </section>
          <section anchor="sec-distribution-proxy-full-transfer">
            <name>"Full Transfer" Phase</name>
            <t>When this phase starts, the Proxy considers the response stored in the cache entry ENTRY associated with the current epoch. Such a response is the inner chunk to distribute in this phase, by using Block-wise transfer <xref target="RFC7959"/> to further split the inner chunk into smaller outer chunks.</t>
            <t>In particular, the i-th outer chunk is a CoAP response such that:</t>
            <ul spacing="normal">
              <li>
                <t>It retains the same CoAP header of the inner chunk response, with the following exceptions:  </t>
                <ul spacing="normal">
                  <li>
                    <t>The Message ID has a new value determined by the Proxy;</t>
                  </li>
                  <li>
                    <t>The message type <bcp14>MUST</bcp14> be Non-confirmable; and</t>
                  </li>
                  <li>
                    <t>The Token Length and Token fields <bcp14>MUST</bcp14> specify the length and the value of the Token to use for the multicast responses to send in the current epoch, respectively. The Token value was specified within the "tp_info" parameter of the "Hold-on Response" that was sent during the "Admission" phase of the current epoch (see <xref target="sec-distribution-proxy-admission"/>).</t>
                  </li>
                </ul>
              </li>
              <li>
                <t>It <bcp14>MUST</bcp14> include an outer Block2 Option, whose value specifies NUM = i (i.e., the index of the present outer chunk) and SZX = 2 (i.e., a block size of 64 bytes).</t>
              </li>
              <li>
                <t>It <bcp14>MUST</bcp14> include the Checksum Option defined in <xref target="sec-checksum-option"/>, with value a checksum computed by the Proxy on the outer chunk, as defined in <xref target="sec-checksum"/>.</t>
              </li>
            </ul>
            <t>Before distributing the outer chunks, the Proxy determines the time t_C when the current epoch is expected to end. This takes into account the expected duration of the current "Full Transfer" phase and of the immediately following "Recovery Claim" and "Recovery Transfer" phases.</t>
            <t>Then, the Proxy sequentially sends the outer chunks to the enrolled Devices, according to the indexes of the outer chunks sorted in ascending order. That is, the Proxy first sends the outer chunk with i = 0, then continues with the outer chunk with i = 1, and so on until all the outer chunks have been sent. In the last outer chunk, the value of the outer Block2 Option specifies M = 0.</t>
            <t>Each outer chunk is transmitted as a response over UDP and IP multicast, according to the addressing information specified within the "tp_info" parameter of the "Hold-on Response" that was sent during the "Admission" phase of the current epoch (see <xref target="sec-distribution-proxy-admission"/>).</t>
            <t>This phase finishes when the Proxy has sent all the outer chunks corresponding to the inner chunk of the current epoch. After that, the epoch moves to the "Recovery Claim" phase (see <xref target="sec-distribution-proxy-recovery-claim"/>).</t>
            <t>If the Proxy receives a Deterministic Request that targets the Distributor and produces a cache hit for the cache entry ENTRY associated with an epoch with current phase "Full Transfer", then the Proxy <bcp14>MUST</bcp14> reply with a 5.03 (Service Unavailable) error response that has no payload. The error response <bcp14>MUST</bcp14> include the Max-Age Option, with value the amount of seconds that will minimally elapse before the current epoch ends. The value of the Max-Age Option <bcp14>MUST NOT</bcp14> result in indicating that the current epoch ends before t_C.</t>
          </section>
          <section anchor="sec-distribution-proxy-recovery-claim">
            <name>"Recovery Claim" Phase</name>
            <t>When this phase starts, the Proxy creates a set of unsigned integers, namely RECOVERY_INDEXES, and initializes it as empty.</t>
            <t>Also, the Proxy determines the time t_B when the immediately following "Recovery Transfer" phase will start. This takes into account the expected duration of the current "Recovery Claim" phase and the already determined time t_C when the current epoch is expected to end. In particular, the time t_B <bcp14>MUST NOT</bcp14> be after the time t_C. Finally, the Proxy starts a timer with expiration set at t_B.</t>
            <t>If the Proxy receives a Deterministic Request that targets the Distributor and produces a cache hit for the cache entry ENTRY associated with an epoch with current phase "Recovery Claim", then the Proxy performs the following steps.</t>
            <ol spacing="normal" type="1"><li>
                <t>The Proxy considers the received Deterministic Request and in particular its outer Block2 Option. The value specified by the NUM field of the option value is added to RECOVERY_INDEXES if and only if it is not included there already.</t>
              </li>
              <li>
                <t>The Proxy replies by sending a 5.03 (Service Unavailable) error response.  </t>
                <t>
This is specifically an informative response defined in <xref section="4.2" sectionFormat="of" target="I-D.ietf-core-observe-multicast-notifications"/>, with Content-Format set to "application/informative-response+cbor" (see <xref section="14.2" sectionFormat="of" target="I-D.ietf-core-observe-multicast-notifications"/>).  </t>
                <t>
The payload of the error response is a CBOR map that <bcp14>MUST</bcp14> include the following parameters.  </t>
                <ul spacing="normal">
                  <li>
                    <t>"tp_info", which is defined in <xref target="I-D.ietf-core-observe-multicast-notifications"/>. This parameter provides the same information as in the "Hold-on Response" sent during the "Admission" phase of the current epoch (see Step 2 of <xref target="sec-distribution-proxy-admission"/>), with the difference that it includes only server-side information and it <bcp14>MUST NOT</bcp14> include client-side information.      </t>
                    <t>
That is, the parameter still specifies server-side addressing information related to the Proxy as the sender of multicast responses. However, the parameter <bcp14>MUST NOT</bcp14> specify addressing information as to where the multicast responses are sent or the Token value used for those in the current epoch.      </t>
                    <t>
Consequently, only Devices that participated in the immediately previous "Full Transfer" phase and missed some outer chunks will participate in the immediately following "Recovery Transfer" phase. Instead, other Devices will be pointed to the start of the next epoch, according to what is specified by the Max-Age Option of the error response (see below).</t>
                  </li>
                  <li>
                    <t>"next_not_before", which is defined in <xref target="I-D.ietf-core-observe-multicast-notifications"/>. This parameter specifies the amount of seconds that will minimally elapse before the "Recovery Transfer" phase of the current epoch starts. Such a value <bcp14>MUST NOT</bcp14> result in indicating that the "Recovery Transfer" phase starts before t_B.</t>
                  </li>
                  <li>
                    <t>"progress_indicator", with value a numeric indication of progress, encoded as a CBOR unsigned integer. This parameter is defined in this document and registered in <xref target="iana-informative-response-parameters"/>.      </t>
                    <t>
Like in the "Hold-on Response" sent during the "Admission" phase of the current epoch (see Step 2 of <xref target="sec-distribution-proxy-admission"/>), the "progress_indicator" parameter <bcp14>MUST</bcp14> encode the current value of INNER_INDEX, thereby identifying the inner chunk that is transferred in the current epoch.</t>
                  </li>
                </ul>
                <t>
Furthermore, the error response <bcp14>MUST</bcp14> include the Max-Age Option, with value the amount of seconds that will minimally elapse before the current epoch ends. The value of the Max-Age Option <bcp14>MUST NOT</bcp14> result in indicating that the current epoch ends before t_C.  </t>
                <t>
A Device receiving this error response gains knowledge of when the immediately following "Recovery Transfer" phase starts and when the next epoch starts.  </t>
                <t>
The former information is useful for a Device that participated in the immediately previous "Full Transfer" phase and missed some outer chunks. That Device can thus set itself up for receiving such outer chunks, which will be distributed during the immediately following "Recovery Transfer" phase.  </t>
                <t>
In particular, the Device becomes aware that the "Recovery Transfer" phase is scheduled to start not before the amount of seconds indicated by the "next_not_before" parameter and that the outer chunks to be transferred pertain to the inner chunk with index INNER_INDEX indicated by the "progress_indicator" parameter. Having participated in the immediately previous "Full Transfer" phase, the Device is aware that the responses representing the outer chunks will be sent per the information specified in the "tp_info" parameter of the "Hold-on Response" that the Device received during the "Admission" phase of the current epoch.</t>
              </li>
            </ol>
            <t>This phase finishes when the time t_B is reached and the related timer expires. After that, the epoch moves to the "Recovery Transfer" phase (see <xref target="sec-distribution-proxy-recovery-transfer"/>).</t>
          </section>
          <section anchor="sec-distribution-proxy-recovery-transfer">
            <name>"Recovery Transfer" Phase</name>
            <t>When this phase starts, the Proxy prepares a set of outer chunks, namely RECOVERY_CHUNKS. The set includes a selection of the outer chunks that were sent during the "Full Transfer" phase of the current epoch (see <xref target="sec-distribution-proxy-full-transfer"/>). In particular, each of such outer chunks is added to RECOVERY_CHUNKS if and only if the value specified by the NUM field in the value of its outer Block2 Option is an element of the RECOVERY_INDEXES set.</t>
            <t>After that, the Proxy distributes only the outer chunks included in RECOVERY_CHUNKS, just like it distributed the outer chunks during the "Full Transfer" phase of the current epoch (see <xref target="sec-distribution-proxy-full-transfer"/>). In particular, the outer chunks are sent according to their indexes sorted in ascending order. Their transmission occurs over UDP and IP multicast, according to the same information specified in the "tp_info" parameter of the "Hold-on Responses" that were sent during the "Admission" phase of the current epoch.</t>
            <t>The Proxy <bcp14>MUST NOT</bcp14> alter the time t_C that was determined during the "Full Transfer" phase, as the time when the current epoch is expected to end.</t>
            <t>After the Proxy has sent all the outer chunks that are an element of RECOVERY_CHUNKS, the Proxy deletes the RECOVERY_INDEXES and RECOVERY_CHUNKS sets, and the epoch moves to the final "Epilogue" (see <xref target="sec-distribution-proxy-epilogue"/>).</t>
            <t>If the Proxy receives a Deterministic Request that targets the Distributor and produces a cache hit for the cache entry ENTRY associated with an epoch with current phase "Recovery Transfer" or in its "Epilogue", then the Proxy <bcp14>MUST</bcp14> reply with a 5.03 (Service Unavailable) error response that has no payload. The error response <bcp14>MUST</bcp14> include the Max-Age Option, with value the amount of seconds that will minimally elapse before the current epoch ends. The value of the Max-Age Option <bcp14>MUST NOT</bcp14> result in indicating that the current epoch ends before t_C.</t>
          </section>
          <section anchor="sec-distribution-proxy-epilogue">
            <name>Epilogue</name>
            <t>To conclude the current epoch, the Proxy performs the following steps.</t>
            <ol spacing="normal" type="1"><li>
                <t>The Proxy considers the response stored in the cache entry ENTRY associated with the current epoch, and particularly the field M in the value of the Block2 Option.</t>
              </li>
              <li>
                <t>The Proxy updates the value of INNER_INDEX associated with ENTRY as follows:  </t>
                <ul spacing="normal">
                  <li>
                    <t>If M is 1, then INNER_INDEX is incremented by 1.</t>
                  </li>
                  <li>
                    <t>If M is 0, then INNER_INDEX takes 0 as its new value.</t>
                  </li>
                </ul>
              </li>
              <li>
                <t>When the time t_C is reached, the Proxy concludes the current epoch, starts a new epoch with "Admission" as its current phase, deletes the association between the old epoch end ENTRY, and associates the new epoch with ENTRY.</t>
              </li>
            </ol>
          </section>
        </section>
      </section>
    </section>
    <section anchor="sec-checksum">
      <name>Checksum on Outer Chunks</name>
      <t>This section defines how the Proxy computes a checksum value over each outer chunk that it sends to the target Devices during the "Full Transfer" phase (see <xref target="sec-distribution-proxy-full-transfer"/>) and the "Recovery Transfer" phase (see <xref target="sec-distribution-proxy-recovery-transfer"/>).</t>
      <t>As described in <xref target="sec-mac"/>, the computed checksum value is specified as the value of the Checksum Option defined in <xref target="sec-checksum-option"/>, which the Proxy includes in the response sent as outer chunk to the Devices.</t>
      <t>Upon receiving an outer chunk, a Device recomputes the checksum and compares it against the value conveyed in the Checksum Option, in order to check whether the outer chunk was altered in transit.</t>
      <t>The checksum value of an outer chunk is computed by using a checksum key, whose derivation is defined in <xref target="sec-checksum-keys"/>. The same checksum key is used to compute the checksum values for all the outer chunks of the same inner chunk, i.e., during a whole epoch (see <xref target="sec-distribution"/>).</t>
      <t>While a checksum key is <em>used</em> by the Proxy and the Devices, the checksum key is <em>derived</em> by the Distributor and the Devices, by using keying material in their shared Group OSCORE Security Context.</t>
      <t>The Distributor provides the Proxy with the checksum key to use during the current epoch (see <xref target="sec-checksum-keys-provisioning"/>), when sending to the Proxy a CoAP response over TCP as the inner chunk to distribute in that epoch (see <xref target="sec-distribution-proxy-kick-off"/> and <xref target="sec-distribution-proxy-admission"/>). In particular, the Distributor wraps the checksum key in a CBOR data item and prepends that data item to the OSCORE ciphertext in the CoAP payload of the response sent to the Proxy. The Distributor indicates the presence of the prepended CBOR data item by including in the response the Pre-OSCORE-Data Option defined in <xref target="sec-pre-oscore-data-option"/>.</t>
      <t>The use of checksums counteracts an attack against availability that an active adversary could easily perform by manipulating the CoAP responses sent by the Proxy to the Devices as outer chunks. By recomputing a checksum and verifying it against the one included in the response received from the Proxy, target Devices can promptly detect a possible manipulation of the outer chunk and discard the response as invalid.</t>
      <section anchor="sec-root-checksum-key">
        <name>Root Checksum Key</name>
        <t>When using the method defined in this document, the Group OSCORE Security Context shared by the Distributor and the Devices is extended with one additional parameter in the Common Context.</t>
        <t>The new parameter Root Checksum Key specifies a secret symmetric key. This is used for deriving checksum keys that are in turn used for computing checksums of outer chunks (see <xref target="sec-mac"/>).</t>
        <t>The Root Checksum Key is derived as defined for the Sender/Recipient Keys in <xref section="3.2.1" sectionFormat="of" target="RFC8613"/>, with the following differences.</t>
        <ul spacing="normal">
          <li>
            <t>The 'id' element of the 'info' array is the empty byte string.</t>
          </li>
          <li>
            <t>The 'type' element of the 'info' array is "RCKey". The label is an ASCII string and does not include a trailing NUL byte.</t>
          </li>
          <li>
            <t>The 'alg_aead' element of the 'info' array specifies the Group Encryption Algorithm from the Common Context (see <xref section="2.1.7" sectionFormat="of" target="I-D.ietf-core-oscore-groupcomm"/>) encoded as a CBOR integer or text string, consistent with the "Value" field in the entry of the "COSE Algorithms" Registry for that algorithm <xref target="COSE.Algorithms"/>.</t>
          </li>
          <li>
            <t>The L parameter of the HKDF and the 'L' element of the 'info' array are the length in bytes of the key for the Group Encryption Algorithm specified in the Common Context. While the obtained Root Checksum Key is never used with the Group Encryption Algorithm, its length was chosen to obtain a matching level of security.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-checksum-keys">
        <name>Derivation of Checksum Keys</name>
        <t>The same checksum key K is used for computing the checksum value on all the outer chunks of the same inner chunk.</t>
        <t>In particular, K is derived:</t>
        <ul spacing="normal">
          <li>
            <t>By the Distributor, upon sending to the Proxy a CoAP response over TCP as the inner chunk to distribute in the current epoch (see <xref target="sec-distribution-proxy-kick-off"/> and <xref target="sec-distribution-proxy-admission"/>).  </t>
            <t>
Note that the Distributor provides the Proxy with the checksum key K as embedded in that response (see <xref target="sec-checksum-keys-provisioning"/>).</t>
          </li>
          <li>
            <t>By each target Device, when receiving an outer chunk of the inner chunk distributed in the current epoch (see <xref target="sec-distribution-proxy-full-transfer"/> and <xref target="sec-distribution-proxy-recovery-transfer"/>).</t>
          </li>
        </ul>
        <t>A checksum key K <bcp14>SHALL</bcp14> be derived as follows, by using the HKDF Algorithm from the Common Context of the Group OSCORE Security Context (see Section 2.1.2 of <xref target="I-D.ietf-core-oscore-groupcomm"/>), which consists of composing the HKDF-Extract and HKDF-Expand steps <xref target="RFC5869"/>.</t>
        <t>K = HKDF(salt, IKM, info, L)</t>
        <t>The input parameters of HKDF are as follows.</t>
        <ul spacing="normal">
          <li>
            <t>salt takes as value the index of the inner chunk to distribute in the current epoch, i.e., INNER_INDEX, represented in the smallest number of bytes needed.  </t>
            <t>
From the Distributor point of view, this value is specified by the NUM field of the value of the outer Block2 Option, which is included in the response sent to the Proxy as the inner chunk.  </t>
            <t>
From the Device point of view, this value is encoded as a CBOR unsigned integer by the "progress_indicator" parameter, which is conveyed in the payload of the error informative responses that the Proxy sends during the "Admission" phase (see <xref target="sec-distribution-proxy-admission"/>) and the "Recovery Claim" phase (see <xref target="sec-distribution-proxy-recovery-claim"/>).</t>
          </li>
          <li>
            <t>IKM is the Root Checksum Key from the Common Context (see <xref target="sec-root-checksum-key"/>).</t>
          </li>
          <li>
            <t>info is the serialization of a CBOR array with the structure defined below, following the notation of <xref target="RFC8610"/>):</t>
          </li>
        </ul>
        <sourcecode type="CDDL"><![CDATA[
   info = [
     piv : bstr,
     L : uint
   ]
]]></sourcecode>
        <t>where:</t>
        <ul spacing="normal">
          <li>
            <t>piv is the Partial IV field in the OSCORE Option of the following messages:  </t>
            <ul spacing="normal">
              <li>
                <t>From the Distributor point of view, the response that the Distributor sends to the Proxy as the inner chunk to distribute in the current epoch.      </t>
                <t>
Note that such a message is specifically a response to a Deterministic Request. Therefore, it always includes a Partial IV in the OSCORE Option (see <xref target="I-D.ietf-core-cacheable-oscore"/>).</t>
              </li>
              <li>
                <t>From the Device point of view, the responses received from the Proxy during the "Full Transfer" phase (see <xref target="sec-distribution-proxy-full-transfer"/>) and "Recovery Transfer" phase (see <xref target="sec-distribution-proxy-recovery-transfer"/>) as the outer chunks of the inner chunk distributed in the current epoch.      </t>
                <t>
Note that all such responses include a Partial IV in the OSCORE Option. The value of the Partial IV is the same one of the Partial IV in the OSCORE Option of the response that the Proxy received from the Distributor as the inner chunk to distribute in the current epoch.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>The L parameter of the HKDF and the 'L' element of the 'info' array are the length in bytes of the Root Checksum Key from the Common Context.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-checksum-option">
        <name>Checksum Option</name>
        <t>The CoAP Checksum Option defined in this section has the properties summarized in <xref target="_table-checksum-option"/>, which extends Table 4 of <xref target="RFC7252"/>. The option is Elective, Safe-to-Forward, and part of the Cache-Key. The option <bcp14>MUST NOT</bcp14> occur more than once.</t>
        <table align="center" anchor="_table-checksum-option">
          <name>Checksum Option. C=Critical, U=Unsafe, N=NoCacheKey, R=Repeatable</name>
          <thead>
            <tr>
              <th align="left">No.</th>
              <th align="left">C</th>
              <th align="left">U</th>
              <th align="left">N</th>
              <th align="left">R</th>
              <th align="left">Name</th>
              <th align="left">Format</th>
              <th align="left">Length</th>
              <th align="left">Default</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">TBD256</td>
              <td align="left"> </td>
              <td align="left"> </td>
              <td align="left"> </td>
              <td align="left"> </td>
              <td align="left">Checksum</td>
              <td align="left">opaque</td>
              <td align="left">1-8</td>
              <td align="left">(none)</td>
            </tr>
          </tbody>
        </table>
        <t>The option value is a checksum computed over (part of) the message by the endpoint that added the option, thereby enabling the message recipient to perform an integrity check on the message.</t>
        <t>The Checksum Option is of class U for OSCORE <xref target="RFC8613"/><xref target="I-D.ietf-core-oscore-groupcomm"/>.</t>
      </section>
      <section anchor="sec-mac">
        <name>Computation and Embodiment of Checksums</name>
        <t>The Proxy computes the checksum on an outer chunk before sending that outer chunk to the target Devices, during the "Full Transfer" phase (see <xref target="sec-distribution-proxy-full-transfer"/>) and "Recovery Transfer" phase (see <xref target="sec-distribution-proxy-recovery-transfer"/>).</t>
        <t>After having computed the checksum as defined below, the Proxy specifies it as value of the Checksum Option (see <xref target="sec-checksum-option"/>) and includes the option in the response sent as outer chunk to the Devices. If outer CoAP options were already included in the response and their option number is greater than that of the Checksum Option, then the Proxy appropriately updates their Option Delta (see <xref section="3.1" sectionFormat="of" target="RFC7252"/>).</t>
        <t>A Device computes the checksum on an outer chunk upon receiving that outer chunk from the Proxy, during the "Full Transfer" phase (see <xref target="sec-distribution-proxy-full-transfer"/>) and "Recovery Transfer" phase (see <xref target="sec-distribution-proxy-recovery-transfer"/>).</t>
        <t>In particular, the Device first removes the Checksum Option from the response received as outer chunk from the Proxy. After that, if outer CoAP options are included in the response and their option number is greater than that of the Checksum Option, then the Device appropriately updates their Option Delta. Finally, the Device computes the checksum on the resulting response and compares the result against the checksum specified as value of the removed Checksum Option.</t>
        <t>If the two checksums are not equal, the Device <bcp14>MUST</bcp14> discard the response without further processing it. If this happens during the "Full Transfer" phase, the Device can send a request to the Proxy during the immediately following "Recovery Claim" phase (see <xref target="sec-distribution-proxy-recovery-claim"/>), thus asking the Proxy to re-send the outer chunk during the immediately following "Recovery Transfer" phase.</t>
        <t>Given a response that the Proxy sends as outer chunk, the checksum on that outer chunk is a 2-byte MAC that <bcp14>SHALL</bcp14> be computed as follows by using the HKDF algorithm HKDF SHA-256, which consists of composing the HKDF-Extract and HKDF-Expand steps <xref target="RFC5869"/>.</t>
        <t>MAC = HKDF(salt, IKM, info, L)</t>
        <t>The input parameters of HKDF are as follows.</t>
        <ul spacing="normal">
          <li>
            <t>salt takes as value the index of the inner chunk to distribute in the current epoch, i.e., INNER_INDEX, represented in the smallest number of bytes needed.  </t>
            <t>
From the Proxy point of view, INNER_INDEX is stored and consistently updated throughout the different epochs of the image distribution (see <xref target="sec-distribution-proxy"/>).  </t>
            <t>
From the Device point of view, this value is encoded as a CBOR unsigned integer by the "progress_indicator" parameter, which is conveyed in the payload of the error informative responses that the Proxy sends during the "Admission" phase (see <xref target="sec-distribution-proxy-admission"/>) and the "Recovery Claim" phase (see <xref target="sec-distribution-proxy-recovery-claim"/>).</t>
          </li>
          <li>
            <t>IKM is the Checksum Key to use for this inner chunk, which is derived as defined in <xref target="sec-checksum-keys"/>.</t>
          </li>
          <li>
            <t>info is the serialization of the CoAP response that the Proxy has to send as outer chunk.  </t>
            <t>
The Proxy <bcp14>MUST</bcp14> use the CoAP response available before the addition of the Checksum Option.  </t>
            <t>
The Device <bcp14>MUST</bcp14> use the CoAP response available after:  </t>
            <ul spacing="normal">
              <li>
                <t>Removing the Checksum Option; and</t>
              </li>
              <li>
                <t>Updating the Option Delta of each outer option whose option number is greater than that of the Checksum Option.</t>
              </li>
            </ul>
          </li>
          <li>
            <t>L has value 2.</t>
          </li>
        </ul>
      </section>
      <section anchor="sec-pre-oscore-data-option">
        <name>Pre-OSCORE-Data Option</name>
        <t>The CoAP Pre-OSCORE-Data Option defined in this section has the properties summarized in <xref target="_table-pre-oscore-data-option"/>, which extends Table 4 of <xref target="RFC7252"/>. The option is Critical, Safe-to-Forward, part of the Cache-Key, and repeatable.</t>
        <table align="center" anchor="_table-pre-oscore-data-option">
          <name>Pre-OSCORE-Data Option. C=Critical, U=Unsafe, N=NoCacheKey, R=Repeatable</name>
          <thead>
            <tr>
              <th align="left">No.</th>
              <th align="left">C</th>
              <th align="left">U</th>
              <th align="left">N</th>
              <th align="left">R</th>
              <th align="left">Name</th>
              <th align="left">Format</th>
              <th align="left">Length</th>
              <th align="left">Default</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">TBD257</td>
              <td align="left">x</td>
              <td align="left"> </td>
              <td align="left"> </td>
              <td align="left">x</td>
              <td align="left">Pre-OSCORE-Data</td>
              <td align="left">uint</td>
              <td align="left">1-4</td>
              <td align="left">(none)</td>
            </tr>
          </tbody>
        </table>
        <t>The presence of this option means that, within the CoAP payload, the OSCORE ciphertext is prepended by a CBOR data item that is intended for the consumer of the option.</t>
        <t>The option value is an unsigned integer strictly greater than 0, which identifies the semantics of the data conveyed by the CBOR data item. In particular, the option value <bcp14>MUST</bcp14> be either X or (X + 1), where X is an odd value taken from the 'Value' column of the "Pre-OSCORE Data Semantics" IANA registry defined in <xref target="iana-pre-oscore-data-semantics"/>.</t>
        <t>Both values X and (X + 1) identify the same data semantics. However:</t>
        <ul spacing="normal">
          <li>
            <t>The odd value X means that the CBOR data item is a CBOR byte string, whose value is the data with the indicated semantics.</t>
          </li>
          <li>
            <t>The even value (X + 1) means that the CBOR data item is a COSE object, i.e., a possibly tagged COSE message as defined in <xref section="2" sectionFormat="of" target="RFC9052"/>.  </t>
            <t>
The data with the indicated semantics consists of what is available at the recipient once successfully completed all the COSE processing, e.g., the data is a plaintext recovered after a decryption process.</t>
          </li>
        </ul>
        <t>Note that, although even values cannot be registered in the "Pre-OSCORE Data Semantics" IANA registry (see <xref target="iana-pre-oscore-data-semantics"/>), those values are meaningful semantics identifiers that can be used as option value. That is, the even value Y identifies the same semantics identified by its companion odd value X = (Y - 1).</t>
        <t>The recipient of a CoAP message including the Pre-OSCORE-Data Option <bcp14>MUST</bcp14> consume the option, i.e., it removes and consumes the prepended CBOR data item from the CoAP payload, after which it removes the option from the message.</t>
        <t>The Pre-OSCORE-Data Option <bcp14>MAY</bcp14> occur multiple times. In such a case, each occurrence of the option refers to one CBOR data item prepended to the OSCORE ciphertext within the CoAP payload. In particular, the i-th occurrence of the option refers to the i-th prepended CBOR data item.</t>
        <t>The Pre-OSCORE-Data Option is of class U for OSCORE <xref target="RFC8613"/><xref target="I-D.ietf-core-oscore-groupcomm"/>.</t>
      </section>
      <section anchor="sec-checksum-keys-provisioning">
        <name>Provisioning of Checksum Keys to the Proxy</name>
        <t>When the Distributor sends to the Proxy a CoAP response over TCP as the inner chunk to distribute during an epoch (see <xref target="sec-distribution"/>), the Distributor also provides the Proxy with a Checksum Key, i.e., the one to use during that epoch for computing the checksums on the outer chunks of that inner chunk.</t>
        <t>The Distributor derives the Checksum Key as defined in <xref target="sec-checksum-keys"/> and includes it in the response sent to the Proxy, as a CBOR data item prepended to the OSCORE ciphertext that is conveyed by the CoAP payload of the response. That is, the CBOR data item is prepended to the OSCORE ciphertext that results from protecting the response end-to-end between the Distributor and the Devices by using Group OSCORE.</t>
        <t>In order to indicate the presence of such CBOR data item, the response <bcp14>MUST</bcp14> include the Pre-OSCORE Data Option (see <xref target="sec-pre-oscore-data-option"/>), whose value is set as defined below.</t>
        <t>There are two possible ways for the Distributor to provide the Checksum Key in the response to the Proxy as a prepended CBOR data item:</t>
        <ul spacing="normal">
          <li>
            <t>The CBOR data item is a CBOR byte string, whose value is the Checksum Key. In such a case, the value of the Pre-OSCORE Data Option <bcp14>MUST</bcp14> be set to 1.  </t>
            <t>
This alternative <bcp14>SHOULD</bcp14> be used by the Distributor, if the response to the Proxy is protected by means of a mutually authenticated, secure communication association between the Distributor and the Proxy, in such a way that only the Proxy is able to retrieve the protected content in plain.</t>
          </li>
          <li>
            <t>The CBOR data item is a COSE object <xref target="RFC9052"/>, which can be tagged or untagged. In such a case, the value of the Pre-OSCORE Data Option <bcp14>MUST</bcp14> be set to 2.  </t>
            <t>
The COSE Object is the result of using HPKE <xref target="RFC9180"/> with COSE. In particular, the HPKE Integrated Encryption Mode specified in <xref section="3.2" sectionFormat="of" target="I-D.ietf-cose-hpke"/> <bcp14>MUST</bcp14> be used. The input pt for the HPKE Seal Single-Shot operation is the Checksum Key. The resulting COSE object uses a COSE_Encrypt0 structure <xref target="RFC9052"/>.  </t>
            <t>
In order to ensure source authentication of the prepended CBOR data item, the Distributor can additionally rely on a COSE object that uses a COSE_Sign, COSE_Sign1, COSE_MAC, or COSE_MAC0 structure <xref target="RFC9052"/>. In such a case, the COSE_Encrypt0 object is used as payload of the COSE_Sign, COSE_Sign1, COSE_MAC, or COSE_MAC0 structure.  </t>
            <t>
This alternative <bcp14>MUST</bcp14> be used by the Distributor, unless the response to the Proxy is protected by means of a mutually authenticated, secure communication association between the Distributor and the Proxy, in such a way that only the Proxy is able to retrieve the protected content in plain.  </t>
            <t>
This alternative requires the Distributor to know:  </t>
            <ul spacing="normal">
              <li>
                <t>The COSE-HPKE algorithm to use with the Proxy (see <xref section="4" sectionFormat="of" target="I-D.ietf-cose-hpke"/>).</t>
              </li>
              <li>
                <t>The static public key of the Proxy to use as the input pkR of the HPKE Seal Single-Shot operation (see <xref section="3.2" sectionFormat="of" target="I-D.ietf-cose-hpke"/>).</t>
              </li>
            </ul>
            <t>
<xref target="proxy-public-key"/> describes possible approaches for the Distributor to obtain the static public key of the Proxy and to select the right one to use at runtime.</t>
          </li>
        </ul>
        <t>Secure communication associations between the Distributor and the Proxy can rely, for example, on a TLS <xref target="RFC8446"/> channel where the Distributor has been authenticated during the secure channel establishment, or on a pairwise OSCORE Security Context <xref target="RFC8613"/> shared between the Distributor and the Proxy (see <xref target="I-D.ietf-core-oscore-capable-proxies"/>).</t>
        <section anchor="proxy-public-key">
          <name>Obtaining and Selecting the Proxy's Public Key</name>
          <t>This section describes possible approaches that the Distributor can use to obtain the static public key of the Proxy and to select the right one to use at runtime. As discussed above, this is relevant in the case where the Distributor uses a COSE object as the value of the Pre-OSCORE Data Option, when providing the Proxy with a Checksum Key within a CoAP response as the inner chunk to distribute during an epoch.</t>
          <t>The following considers a Proxy that uses P_ADDR as source IP address when sending to the Distributor a request over TCP for retrieving the next inner chunk to distribute during an epoch. Also, AUTH_CRED_P denotes the Proxy's public authentication credential, which includes the Proxy's static public key K_PUB_P corresponding to the Proxy's static private key K_PRIV_P.</t>
          <ul spacing="normal">
            <li>
              <t>The Distributor can be pre-configured with the pair (P_ADDR, AUTH_CRED_P).</t>
            </li>
            <li>
              <t>When receiving a request for an inner chunk from the Proxy, the Distributor can query a trusted public key repository, using the source IP address of the incoming request as lookup information. As a result, the Distributor retrieves AUTH_CRED_P.</t>
            </li>
            <li>
              <t>When receiving a request for an inner chunk from the Proxy, the Distributor can contact the Proxy at P_ADDR, by accessing a (well-known) designated resource for retrieving K_PUB_P from the Proxy.  </t>
              <t>
This approach requires the Proxy to prove possession of its static private key and has two variants, depending on whether the Key Encapsulation Mechanism (KEM) used for HPKE is based on a Diffie-Hellman/Non-Interactive Key Exchange (DH/NIKE) or not. The two variants are separately defined in <xref target="proxy-public-key-variant-1"/> and <xref target="proxy-public-key-variant-2"/>.</t>
            </li>
          </ul>
          <t>Regardless of how the Distributor has obtained the Proxy's public key, the following holds:</t>
          <ul spacing="normal">
            <li>
              <t>The Distributor can select the right public key to use for producing the COSE object conveying the Checksum Key, based on the source IP address of an incoming request that asks for an inner chunk.</t>
            </li>
            <li>
              <t>If AUTH_CRED_P specifies a domain name (e.g., it is a public key certificate) and that domain name resolves to an address ADDR, then the Distributor uses K_PUB_P only if ADDR is equal to P_ADDR.</t>
            </li>
            <li>
              <t>If an active adversary makes the Distributor erroneously consider a public key different from the intended K_PUB_P, the Proxy will not be able to obtain the Checksum Key from the Distributor. Although this prevents the successful distribution of outer chunks to the Devices, it is easier for the adversary to create such a disservice by simply blocking messages exchanged between the Distributor and the Proxy.</t>
            </li>
            <li>
              <t>By spoofing the source IP address of a request that the Proxy sends to the Distributor, an active adversary could manage to obtain the Checksum Key from the Distributor and then act like the Proxy towards the Devices. This enables the adversary to compute the correct checksum values and specify those in the outer chunks, which is in fact not really an attack against the distribution of the outer chunks to the Devices.</t>
            </li>
          </ul>
          <section anchor="proxy-public-key-variant-1">
            <name>Retrieval from the Proxy (variant 1)</name>
            <t>If the KEM used for HPKE is based on a DH/NIKE, the interaction between the Distributor and the Proxy is as follows.</t>
            <ol spacing="normal" type="1"><li>
                <t>The Distributor generates:  </t>
                <ul spacing="normal">
                  <li>
                    <t>A nonce N_1, whose value is <bcp14>RECOMMENDED</bcp14> to be random and whose length is <bcp14>RECOMMENDED</bcp14> to be at least 8 bytes.</t>
                  </li>
                  <li>
                    <t>An ephemeral public key.</t>
                  </li>
                </ul>
              </li>
              <li>
                <t>The Distributor sends to the Proxy a request message MSG_1, whose Content-Format is "application/cbor-seq". The payload of MSG_1 specifies a CBOR sequence <xref target="RFC8742"/> composed of two CBOR byte strings: the first CBOR byte string encodes N_1; the second CBOR byte string encodes the ephemeral public key generated at Step 1.</t>
              </li>
              <li>
                <t>After receiving MSG_1, the Proxy generates a nonce N_2, whose value is <bcp14>RECOMMENDED</bcp14> to be random and whose length is <bcp14>RECOMMENDED</bcp14> to be at least 8 bytes.</t>
              </li>
              <li>
                <t>The Proxy composes as proof-of-possession (PoP) input the byte concatenation of:  </t>
                <ul spacing="normal">
                  <li>
                    <t>The binary representation of a CBOR byte string whose value is N_1; and</t>
                  </li>
                  <li>
                    <t>The binary representation of a CBOR byte string whose value is N_2.</t>
                  </li>
                </ul>
              </li>
              <li>
                <t>The Proxy computes a MAC as a PoP evidence by using the HKDF Algorithm HKDF SHA-256, which consists of composing the HKDF-Extract and HKDF-Expand steps <xref target="RFC5869"/>.  </t>
                <t>
MAC = HKDF(salt, IKM, info, L)  </t>
                <t>
The input parameters of HKDF are as follows:  </t>
                <ul spacing="normal">
                  <li>
                    <t>salt takes as value the empty byte string.</t>
                  </li>
                  <li>
                    <t>IKM is a shared secret computed by using the Distributor's ephemeral public key conveyed in MSG_1 and K_PRIV_P. For example, if the KEM relies on Diffie-Hellman, IKM is computed as a cofactor Diffie-Hellman shared secret (see Section 5.7.1.2 of <xref target="NIST-800-56A"/>, using the ECDH algorithm associated with K_PRIV_P.</t>
                  </li>
                  <li>
                    <t>info takes as value the PoP input.</t>
                  </li>
                  <li>
                    <t>L is equal to 8, i.e., the size of the MAC, in bytes.</t>
                  </li>
                </ul>
              </li>
              <li>
                <t>The Proxy replies to the Distributor by sending a response message MSG_2, whose Content-Format is "application/cbor-seq". The payload of MSG_2 specifies a CBOR sequence composed of three CBOR byte strings: the first CBOR byte string encodes N_2; the second CBOR byte string encodes AUTH_CRED_P; the third CBOR byte string encodes the MAC computed at Step 5.</t>
              </li>
              <li>
                <t>After receiving MSG_2, the Distributor derives the same shared secret by using K_PUB_P specified within AUTH_CRED_P and its own ephemeral private key corresponding to the ephemeral public generated at Step 1.</t>
              </li>
              <li>
                <t>The Distributor computes a MAC as a PoP evidence, by means of the same process used by the Proxy at Step 5, using as IKM the shared secret computed at Step 7.</t>
              </li>
              <li>
                <t>The Distributor achieves proof of possession and accepts K_PUB_P only if the MAC computed at Step 8 is equal to the one conveyed in MSG_2.</t>
              </li>
            </ol>
          </section>
          <section anchor="proxy-public-key-variant-2">
            <name>Retrieval from the Proxy (variant 2)</name>
            <t>If the KEM used for HPKE is not based on a DH/NIKE (e.g., the KEM used is ML-KEM <xref target="FIPS203"/>), the interaction between the Distributor and the Proxy is as follows.</t>
            <ol spacing="normal" type="1"><li>
                <t>The Distributor generates a nonce N_1, whose value is <bcp14>RECOMMENDED</bcp14> to be random and whose length is <bcp14>RECOMMENDED</bcp14> to be at least 8 bytes.</t>
              </li>
              <li>
                <t>The Distributor sends to the Proxy a request message MSG_1, whose payload specifies N_1.</t>
              </li>
              <li>
                <t>After receiving MSG_1, the Proxy generates a nonce N_2, whose value is <bcp14>RECOMMENDED</bcp14> to be random and whose length is <bcp14>RECOMMENDED</bcp14> to be at least 8 bytes. The Proxy stores the pair (N_1, N_2).</t>
              </li>
              <li>
                <t>The Proxy replies to the Distributor by sending a response message MSG_2, whose Content-Format is "application/cbor-seq". The payload of MSG_2 specifies a CBOR sequence composed of two CBOR byte strings: the first CBOR byte string encodes N_2; the second CBOR byte string encodes AUTH_CRED_P.</t>
              </li>
              <li>
                <t>After receiving MSG_2, the Distributor generates a shared secret and encapsulates it into a ciphertext, by using K_PUB_P specified within AUTH_CRED_P.</t>
              </li>
              <li>
                <t>The Distributor sends to the Proxy a request message MSG_3, whose Content-Format is "application/cbor-seq". The payload of MSG_3 specifies a CBOR sequence composed of two CBOR byte strings: the first CBOR byte string encodes N_2; the second CBOR byte string encodes the ciphertext computed at Step 5.</t>
              </li>
              <li>
                <t>After receiving MSG_3, the Proxy uses N_2 conveyed therein to retrieve N_1 from the stored pair (N_1, N_2). Then, the Proxy decapsulates the shared secret from the ciphertext and composes as proof-of-possession (PoP) input the byte concatenation of:  </t>
                <ul spacing="normal">
                  <li>
                    <t>The binary representation of a CBOR byte string whose value is N_1; and</t>
                  </li>
                  <li>
                    <t>The binary representation of a CBOR byte string whose value is N_2.</t>
                  </li>
                </ul>
              </li>
              <li>
                <t>The Proxy computes a MAC as a PoP evidence by using the HKDF Algorithm HKDF SHA-256, which consists of composing the HKDF-Extract and HKDF-Expand steps <xref target="RFC5869"/>.  </t>
                <t>
MAC = HKDF(salt, IKM, info, L)  </t>
                <t>
The input parameters of HKDF are as follows:  </t>
                <ul spacing="normal">
                  <li>
                    <t>salt takes as value the empty byte string.</t>
                  </li>
                  <li>
                    <t>IKM is the shared secret retrieved at Step 7.</t>
                  </li>
                  <li>
                    <t>info takes as value the PoP input.</t>
                  </li>
                  <li>
                    <t>L is equal to 8, i.e., the size of the MAC, in bytes.</t>
                  </li>
                </ul>
              </li>
              <li>
                <t>The Proxy deletes the stored pair (N_1, N_2). Then, the proxy replies to the Distributor by sending a response message MSG_4, whose payload specifies the MAC computed at Step 8.</t>
              </li>
              <li>
                <t>After receiving MSG_4, the Distributor computes a MAC as a PoP evidence, by means of the same process used by the Proxy at Step 8, using as IKM the shared secret generated at Step 5.</t>
              </li>
              <li>
                <t>The Distributor achieves proof of possession and accepts K_PUB_P only if the MAC computed at Step 10 is equal to the one conveyed in MSG_4.</t>
              </li>
            </ol>
          </section>
        </section>
      </section>
    </section>
    <section anchor="pre-oscore-data-semantics">
      <name>Pre-OSCORE Data Semantics</name>
      <t>This document defines the following semantics for data prepended to the ciphertext conveyed in the CoAP payload of a message protected with OSCORE <xref target="RFC8613"/> or Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>.</t>
      <table align="center" anchor="_table-pre-oscore-data-semantics">
        <name>Pre-OSCORE Data Semantics.</name>
        <thead>
          <tr>
            <th align="left">Value</th>
            <th align="left">Description</th>
            <th align="left">Reference</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="left">1</td>
            <td align="left">Checksum key</td>
            <td align="left">[RFC-XXXX], <xref target="sec-checksum-keys-provisioning"/></td>
          </tr>
        </tbody>
      </table>
    </section>
    <section anchor="sec-security-considerations">
      <name>Security Considerations</name>
      <t>Security considerations are inherited from <xref target="RFC7252"/>, <xref target="I-D.ietf-core-groupcomm-bis"/>, and <xref target="RFC8323"/> as to the use of CoAP also for group communication and over reliable transports.</t>
      <t>Security considerations are also inherited from <xref target="RFC7641"/> as to the use of CoAP Observe, from <xref target="RFC7959"/> as to the use of Block-wise transfer for CoAP, and from <xref target="RFC8323"/> as to the use of BERT.</t>
      <t>Security considerations are also inherited from <xref target="I-D.ietf-core-oscore-groupcomm"/> for the use of Group OSCORE and from <xref target="I-D.ietf-core-cacheable-oscore"/> as to the specific use of protected Deterministic Requests and the caching of corresponding protected responses.</t>
      <t>Furthermore, the following security considerations also apply.</t>
      <t>Editor's note: add more security considerations.</t>
    </section>
    <section anchor="sec-iana">
      <name>IANA Considerations</name>
      <t>This document has the following actions for IANA.</t>
      <t>Note to RFC Editor: Please replace all occurrences of "[RFC-XXXX]" with the RFC number of this specification and delete this paragraph.</t>
      <section anchor="iana-coap-option-numbers">
        <name>CoAP Option Numbers Registry</name>
        <t>IANA is asked to enter the following option numbers to the "CoAP Option Numbers" registry <xref target="CoAP.Option.Numbers"/> within the "Constrained RESTful Environments (CoRE) Parameters" registry group.</t>
        <table align="center">
          <name>Registrations in the CoAP Option Numbers Registry</name>
          <thead>
            <tr>
              <th align="left">Number</th>
              <th align="left">Name</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">TBD256</td>
              <td align="left">Checksum</td>
              <td align="left">[RFC-XXXX]</td>
            </tr>
            <tr>
              <td align="left">TBD257</td>
              <td align="left">Pre-OSCORE-Data</td>
              <td align="left">[RFC-XXXX]</td>
            </tr>
          </tbody>
        </table>
      </section>
      <section anchor="iana-informative-response-parameters">
        <name>Informative Response Parameters Registry</name>
        <t>IANA is asked to enter the following entry to the "Informative Response Parameters" registry defined in <xref target="I-D.ietf-core-observe-multicast-notifications"/> within the "Constrained RESTful Environments (CoRE) Parameters" registry group.</t>
        <ul spacing="normal">
          <li>
            <t>Name: progress_indicator</t>
          </li>
          <li>
            <t>CBOR Key: TBD23</t>
          </li>
          <li>
            <t>CBOR Type: uint</t>
          </li>
          <li>
            <t>Reference: [RFC-XXXX]</t>
          </li>
        </ul>
      </section>
      <section anchor="iana-pre-oscore-data-semantics">
        <name>Pre-OSCORE Data Semantics Registry</name>
        <t>This document establishes the "Pre-OSCORE Data Semantics" registry within the "Constrained RESTful Environments (CoRE) Parameters" registry group.</t>
        <t>The registration policy is either "Private Use", "RFC Required With Expert Review", or "Specification Required" per <xref target="RFC8126"/>. "Expert Review" guidelines are provided in <xref target="iana-review"/>.</t>
        <t>All assignments according to "RFC Required With Expert Review" are made on an "RFC Required" basis per <xref section="4.7" sectionFormat="of" target="RFC8126"/> with "Expert Review" additionally required per <xref section="4.5" sectionFormat="of" target="RFC8126"/>. The procedure for early IANA allocation of "standards track code points" defined in <xref target="RFC7120"/> also applies. When such a procedure is used, IANA will ask the designated expert(s) to approve the early allocation before registration. In addition, working group chairs are encouraged to consult the expert(s) early during the process outlined in <xref section="3.1" sectionFormat="of" target="RFC7120"/>.</t>
        <t>The columns of this registry are:</t>
        <ul spacing="normal">
          <li>
            <t>Value: This field contains the value used to identify the semantics of the data that is prepended to the ciphertext conveyed in the CoAP payload of a message protected with OSCORE <xref target="RFC8613"/> or Group OSCORE <xref target="I-D.ietf-core-oscore-groupcomm"/>. These values <bcp14>MUST</bcp14> be unique. The value <bcp14>MUST</bcp14> be an odd unsigned integer, with minimum value 1 and maximum value 4294967293 (i.e., 2<sup>32</sup> - 3). Odd unsigned integer values from 1 to 255 are designated as "RFC Required With Expert Review". Odd unsigned integer values from 257 to 4294965293 are designated as "Specification Required". Odd unsigned integer values from 4294965295 to 4294967293 are marked as "Private Use".</t>
          </li>
          <li>
            <t>Description: This field contains a brief description of the semantics.</t>
          </li>
          <li>
            <t>Reference: This field contains a pointer to the public specification defining the semantics, if one exists.</t>
          </li>
        </ul>
        <t>This registry has been initially populated by the entry in <xref target="_table-pre-oscore-data-semantics"/>.</t>
      </section>
      <section anchor="iana-review">
        <name>Expert Review Instructions</name>
        <t>"RFC Required With Expert Review" and "Specification Required" are two of the registration policies defined for the IANA registry established in this document. This section gives some general guidelines for what the experts should be looking for, but they are being designated as experts for a reason, so they should be given substantial latitude.</t>
        <ul spacing="normal">
          <li>
            <t>Point squatting should be discouraged. Reviewers are encouraged to get sufficient information for registration requests to ensure that the usage is not going to duplicate one that is already registered and that the point is likely to be used in deployments. The zones tagged as "Private Use" are intended for testing purposes and closed environments. Code points in other ranges should not be assigned for testing.</t>
          </li>
          <li>
            <t>Specifications are required for the "RFC Required With Expert Review" range of point assignment. Specifications should exist for "Specification Required" ranges, but early assignment before a specification is available is considered to be permissible. When specifications are not provided, the description provided needs to have sufficient information to identify what the point is being used for.</t>
          </li>
          <li>
            <t>Experts should take into account the expected usage of fields when approving point assignment. The fact that there is a range for RFC documents does not mean that an RFC document cannot have points assigned outside of that range. The length of the encoded value should be weighed against how many code points of that length are left, the size of device it will be used on, and the number of code points left that encode to that size.</t>
          </li>
        </ul>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC5869">
          <front>
            <title>HMAC-based Extract-and-Expand Key Derivation Function (HKDF)</title>
            <author fullname="H. Krawczyk" initials="H." surname="Krawczyk"/>
            <author fullname="P. Eronen" initials="P." surname="Eronen"/>
            <date month="May" year="2010"/>
            <abstract>
              <t>This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key derivation function (KDF) is intended to support a wide range of applications and requirements, and is conservative in its use of cryptographic hash functions. This document is not an Internet Standards Track specification; it is published for informational purposes.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5869"/>
          <seriesInfo name="DOI" value="10.17487/RFC5869"/>
        </reference>
        <reference anchor="RFC7120">
          <front>
            <title>Early IANA Allocation of Standards Track Code Points</title>
            <author fullname="M. Cotton" initials="M." surname="Cotton"/>
            <date month="January" year="2014"/>
            <abstract>
              <t>This memo describes the process for early allocation of code points by IANA from registries for which "Specification Required", "RFC Required", "IETF Review", or "Standards Action" policies apply. This process can be used to alleviate the problem where code point allocation is needed to facilitate desired or required implementation and deployment experience prior to publication of an RFC, which would normally trigger code point allocation. The procedures in this document are intended to apply only to IETF Stream documents.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="100"/>
          <seriesInfo name="RFC" value="7120"/>
          <seriesInfo name="DOI" value="10.17487/RFC7120"/>
        </reference>
        <reference anchor="RFC7252">
          <front>
            <title>The Constrained Application Protocol (CoAP)</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2014"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation.</t>
              <t>CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7252"/>
          <seriesInfo name="DOI" value="10.17487/RFC7252"/>
        </reference>
        <reference anchor="RFC7641">
          <front>
            <title>Observing Resources in the Constrained Application Protocol (CoAP)</title>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <date month="September" year="2015"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a RESTful application protocol for constrained nodes and networks. The state of a resource on a CoAP server can change over time. This document specifies a simple protocol extension for CoAP that enables CoAP clients to "observe" resources, i.e., to retrieve a representation of a resource and keep this representation updated by the server over a period of time. The protocol follows a best-effort approach for sending new representations to clients and provides eventual consistency between the state observed by each client and the actual resource state at the server.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7641"/>
          <seriesInfo name="DOI" value="10.17487/RFC7641"/>
        </reference>
        <reference anchor="RFC7959">
          <front>
            <title>Block-Wise Transfers in the Constrained Application Protocol (CoAP)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="Z. Shelby" initials="Z." role="editor" surname="Shelby"/>
            <date month="August" year="2016"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a RESTful transfer protocol for constrained nodes and networks. Basic CoAP messages work well for small payloads from sensors and actuators; however, applications will need to transfer larger payloads occasionally -- for instance, for firmware updates. In contrast to HTTP, where TCP does the grunt work of segmenting and resequencing, CoAP is based on datagram transports such as UDP or Datagram Transport Layer Security (DTLS). These transports only offer fragmentation, which is even more problematic in constrained nodes and networks, limiting the maximum size of resource representations that can practically be transferred.</t>
              <t>Instead of relying on IP fragmentation, this specification extends basic CoAP with a pair of "Block" options for transferring multiple blocks of information from a resource representation in multiple request-response pairs. In many important cases, the Block options enable a server to be truly stateless: the server can handle each block transfer separately, with no need for a connection setup or other server-side memory of previous block transfers. Essentially, the Block options provide a minimal way to transfer larger representations in a block-wise fashion.</t>
              <t>A CoAP implementation that does not support these options generally is limited in the size of the representations that can be exchanged, so there is an expectation that the Block options will be widely used in CoAP implementations. Therefore, this specification updates RFC 7252.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7959"/>
          <seriesInfo name="DOI" value="10.17487/RFC7959"/>
        </reference>
        <reference anchor="RFC8126">
          <front>
            <title>Guidelines for Writing an IANA Considerations Section in RFCs</title>
            <author fullname="M. Cotton" initials="M." surname="Cotton"/>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <author fullname="T. Narten" initials="T." surname="Narten"/>
            <date month="June" year="2017"/>
            <abstract>
              <t>Many protocols make use of points of extensibility that use constants to identify various protocol parameters. To ensure that the values in these fields do not have conflicting uses and to promote interoperability, their allocations are often coordinated by a central record keeper. For IETF protocols, that role is filled by the Internet Assigned Numbers Authority (IANA).</t>
              <t>To make assignments in a given registry prudently, guidance describing the conditions under which new values should be assigned, as well as when and how modifications to existing values can be made, is needed. This document defines a framework for the documentation of these guidelines by specification authors, in order to assure that the provided guidance for the IANA Considerations is clear and addresses the various issues that are likely in the operation of a registry.</t>
              <t>This is the third edition of this document; it obsoletes RFC 5226.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="26"/>
          <seriesInfo name="RFC" value="8126"/>
          <seriesInfo name="DOI" value="10.17487/RFC8126"/>
        </reference>
        <reference anchor="RFC8323">
          <front>
            <title>CoAP (Constrained Application Protocol) over TCP, TLS, and WebSockets</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="S. Lemay" initials="S." surname="Lemay"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="B. Silverajan" initials="B." surname="Silverajan"/>
            <author fullname="B. Raymor" initials="B." role="editor" surname="Raymor"/>
            <date month="February" year="2018"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP), although inspired by HTTP, was designed to use UDP instead of TCP. The message layer of CoAP over UDP includes support for reliable delivery, simple congestion control, and flow control.</t>
              <t>Some environments benefit from the availability of CoAP carried over reliable transports such as TCP or Transport Layer Security (TLS). This document outlines the changes required to use CoAP over TCP, TLS, and WebSockets transports. It also formally updates RFC 7641 for use with these transports and RFC 7959 to enable the use of larger messages over a reliable transport.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8323"/>
          <seriesInfo name="DOI" value="10.17487/RFC8323"/>
        </reference>
        <reference anchor="RFC8610">
          <front>
            <title>Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures</title>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <author fullname="C. Vigano" initials="C." surname="Vigano"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2019"/>
            <abstract>
              <t>This document proposes a notational convention to express Concise Binary Object Representation (CBOR) data structures (RFC 7049). Its main goal is to provide an easy and unambiguous way to express structures for protocol messages and data formats that use CBOR or JSON.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8610"/>
          <seriesInfo name="DOI" value="10.17487/RFC8610"/>
        </reference>
        <reference anchor="RFC8613">
          <front>
            <title>Object Security for Constrained RESTful Environments (OSCORE)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Mattsson" initials="J." surname="Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="July" year="2019"/>
            <abstract>
              <t>This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols.</t>
              <t>Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8613"/>
          <seriesInfo name="DOI" value="10.17487/RFC8613"/>
        </reference>
        <reference anchor="RFC8742">
          <front>
            <title>Concise Binary Object Representation (CBOR) Sequences</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="February" year="2020"/>
            <abstract>
              <t>This document describes the Concise Binary Object Representation (CBOR) Sequence format and associated media type "application/cbor-seq". A CBOR Sequence consists of any number of encoded CBOR data items, simply concatenated in sequence.</t>
              <t>Structured syntax suffixes for media types allow other media types to build on them and make it explicit that they are built on an existing media type as their foundation. This specification defines and registers "+cbor-seq" as a structured syntax suffix for CBOR Sequences.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8742"/>
          <seriesInfo name="DOI" value="10.17487/RFC8742"/>
        </reference>
        <reference anchor="RFC8949">
          <front>
            <title>Concise Binary Object Representation (CBOR)</title>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="P. Hoffman" initials="P." surname="Hoffman"/>
            <date month="December" year="2020"/>
            <abstract>
              <t>The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack.</t>
              <t>This document obsoletes RFC 7049, providing editorial improvements, new details, and errata fixes while keeping full compatibility with the interchange format of RFC 7049. It does not create a new version of the format.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="94"/>
          <seriesInfo name="RFC" value="8949"/>
          <seriesInfo name="DOI" value="10.17487/RFC8949"/>
        </reference>
        <reference anchor="RFC9052">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Structures and Process</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.</t>
              <t>This document, along with RFC 9053, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="STD" value="96"/>
          <seriesInfo name="RFC" value="9052"/>
          <seriesInfo name="DOI" value="10.17487/RFC9052"/>
        </reference>
        <reference anchor="RFC9053">
          <front>
            <title>CBOR Object Signing and Encryption (COSE): Initial Algorithms</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines a set of algorithms that can be used with the CBOR Object Signing and Encryption (COSE) protocol (RFC 9052).</t>
              <t>This document, along with RFC 9052, obsoletes RFC 8152.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9053"/>
          <seriesInfo name="DOI" value="10.17487/RFC9053"/>
        </reference>
        <reference anchor="RFC9180">
          <front>
            <title>Hybrid Public Key Encryption</title>
            <author fullname="R. Barnes" initials="R." surname="Barnes"/>
            <author fullname="K. Bhargavan" initials="K." surname="Bhargavan"/>
            <author fullname="B. Lipp" initials="B." surname="Lipp"/>
            <author fullname="C. Wood" initials="C." surname="Wood"/>
            <date month="February" year="2022"/>
            <abstract>
              <t>This document describes a scheme for hybrid public key encryption (HPKE). This scheme provides a variant of public key encryption of arbitrary-sized plaintexts for a recipient public key. It also includes three authenticated variants, including one that authenticates possession of a pre-shared key and two optional ones that authenticate possession of a key encapsulation mechanism (KEM) private key. HPKE works for any combination of an asymmetric KEM, key derivation function (KDF), and authenticated encryption with additional data (AEAD) encryption function. Some authenticated variants may not be supported by all KEMs. We provide instantiations of the scheme using widely used and efficient primitives, such as Elliptic Curve Diffie-Hellman (ECDH) key agreement, HMAC-based key derivation function (HKDF), and SHA2.</t>
              <t>This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9180"/>
          <seriesInfo name="DOI" value="10.17487/RFC9180"/>
        </reference>
        <reference anchor="I-D.ietf-core-href">
          <front>
            <title>Constrained Resource Identifiers</title>
            <author fullname="Carsten Bormann" initials="C." surname="Bormann">
              <organization>Universität Bremen TZI</organization>
            </author>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <date day="21" month="November" year="2025"/>
            <abstract>
              <t>   The Constrained Resource Identifier (CRI) is a complement to the
   Uniform Resource Identifier (URI) that represents the URI components
   in Concise Binary Object Representation (CBOR) rather than as a
   sequence of characters.  This approach simplifies parsing,
   comparison, and reference resolution in environments with severe
   limitations on processing power, code size, and memory size.

   This RFC updates RFC 7595 by adding a column on the "URI Schemes"
   registry.


   // (This "cref" paragraph will be removed by the RFC editor:) After
   // approval of -28 and nit fixes in -29, the present revision -30
   // contains two more small fixes for nits that were uncovered in the
   // RPC intake process.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-href-30"/>
        </reference>
        <reference anchor="I-D.ietf-cose-hpke">
          <front>
            <title>Use of Hybrid Public-Key Encryption (HPKE) with CBOR Object Signing and Encryption (COSE)</title>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>University of the Bundeswehr Munich</organization>
            </author>
            <author fullname="Michael B. Jones" initials="M. B." surname="Jones">
              <organization>Self-Issued Consulting</organization>
            </author>
            <author fullname="Orie Steele" initials="O." surname="Steele">
              <organization>Tradeverifyd</organization>
            </author>
            <author fullname="Ajitomi, Daisuke" initials="A." surname="Daisuke">
              <organization>bibital LLC</organization>
            </author>
            <author fullname="Laurence Lundblade" initials="L." surname="Lundblade">
              <organization>Security Theory LLC</organization>
            </author>
            <date day="4" month="July" year="2026"/>
            <abstract>
              <t>   This specification defines hybrid public-key encryption (HPKE) for
   use with CBOR Object Signing and Encryption (COSE).  HPKE offers a
   variant of public-key encryption of arbitrary-sized plaintexts for a
   recipient public key.

   HPKE is a general encryption framework utilizing an asymmetric key
   encapsulation mechanism (KEM), a key derivation function (KDF), and
   an Authenticated Encryption with Associated Data (AEAD) algorithm.

   This document defines the use of HPKE with COSE.  Authentication for
   HPKE in COSE is provided by COSE-native security mechanisms or by the
   pre-shared key authenticated variant of HPKE.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-cose-hpke-26"/>
        </reference>
        <reference anchor="I-D.ietf-core-oscore-groupcomm">
          <front>
            <title>Group Object Security for Constrained RESTful Environments (Group OSCORE)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Göran Selander" initials="G." surname="Selander">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="John Preuß Mattsson" initials="J. P." surname="Mattsson">
              <organization>Ericsson AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <date day="23" month="December" year="2025"/>
            <abstract>
              <t>   This document defines the security protocol Group Object Security for
   Constrained RESTful Environments (Group OSCORE), providing end-to-end
   security of messages exchanged with the Constrained Application
   Protocol (CoAP) between members of a group, e.g., sent over IP
   multicast.  In particular, the described protocol defines how OSCORE
   is used in a group communication setting to provide source
   authentication for CoAP group requests, sent by a client to multiple
   servers, and for protection of the corresponding CoAP responses.
   Group OSCORE also defines a pairwise mode where each member of the
   group can efficiently derive a symmetric pairwise key with each other
   member of the group for pairwise OSCORE communication.  Group OSCORE
   can be used between endpoints communicating with CoAP or CoAP-
   mappable HTTP.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-oscore-groupcomm-28"/>
        </reference>
        <reference anchor="I-D.ietf-core-groupcomm-bis">
          <front>
            <title>Group Communication for the Constrained Application Protocol (CoAP)</title>
            <author fullname="Esko Dijk" initials="E." surname="Dijk">
              <organization>IoTconsultancy.nl</organization>
            </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="10" month="February" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) is a web transfer
   protocol for constrained devices and constrained networks.  In a
   number of use cases, constrained devices often naturally operate in
   groups (e.g., in a building automation scenario, all lights in a
   given room may need to be switched on/off as a group).  This document
   specifies the use of CoAP for group communication, including the use
   of UDP/IP multicast as the default underlying data transport.  Both
   unsecured and secured CoAP group communication are specified.
   Security is achieved by use of the Group Object Security for
   Constrained RESTful Environments (Group OSCORE) protocol.  The target
   application area of this specification is any group communication use
   cases that involve resource-constrained devices or networks that
   support CoAP.  This document replaces and obsoletes RFC 7390, while
   it updates RFC 7252 and RFC 7641.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-groupcomm-bis-18"/>
        </reference>
        <reference anchor="I-D.ietf-core-cacheable-oscore">
          <front>
            <title>End-to-End Protected and Cacheable Responses for the Constrained Application Protocol (CoAP) using Group Object Security for Constrained RESTful Environments (Group OSCORE)</title>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   When using the Constrained Application Protocol (CoAP), exchanged
   messages can be protected end-to-end also across untrusted
   intermediary proxies.  This can be achieved with Object Security for
   Constrained RESTful Environments (OSCORE) or, in the case of group
   communication, with Group Object Security for Constrained RESTful
   Environments (Group OSCORE).  However, this sidesteps the proxies'
   abilities to cache responses from the origin server(s).  This
   document restores cacheability of end-end protected responses at
   proxies, by using Group OSCORE and introducing consensus requests,
   which any client in an OSCORE group can send to one server or
   multiple servers in the same group.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-cacheable-oscore-01"/>
        </reference>
        <reference anchor="I-D.ietf-core-observe-multicast-notifications">
          <front>
            <title>Observe Notifications as CoAP Multicast Responses</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="22" month="April" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) allows clients to
   "observe" resources at a server and to receive notifications as
   unicast responses upon changes of the resource state.  In some use
   cases, such as those based on publish-subscribe, it would be
   convenient for the server to send a single notification addressed to
   all the clients observing the same target resource.  This document
   updates RFC7252 and RFC7641, and it defines how a server sends
   observe notifications as response messages over multicast,
   synchronizing all the observers of the same resource on the same
   shared Token value.  Besides, this document defines how the security
   protocol Group Object Security for Constrained RESTful Environments
   (Group OSCORE) can be used to protect multicast notifications end-to-
   end between the server and the observer clients.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-observe-multicast-notifications-14"/>
        </reference>
        <reference anchor="COSE.Algorithms" target="https://www.iana.org/assignments/cose/cose.xhtml#algorithms">
          <front>
            <title>COSE Algorithms</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="CoAP.Option.Numbers" target="https://www.iana.org/assignments/core-parameters/core-parameters.xhtml#option-numbers">
          <front>
            <title>CoAP Option Numbers</title>
            <author>
              <organization>IANA</organization>
            </author>
            <date/>
          </front>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC4301">
          <front>
            <title>Security Architecture for the Internet Protocol</title>
            <author fullname="S. Kent" initials="S." surname="Kent"/>
            <author fullname="K. Seo" initials="K." surname="Seo"/>
            <date month="December" year="2005"/>
            <abstract>
              <t>This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4301"/>
          <seriesInfo name="DOI" value="10.17487/RFC4301"/>
        </reference>
        <reference anchor="RFC4303">
          <front>
            <title>IP Encapsulating Security Payload (ESP)</title>
            <author fullname="S. Kent" initials="S." surname="Kent"/>
            <date month="December" year="2005"/>
            <abstract>
              <t>This document describes an updated version of the Encapsulating Security Payload (ESP) protocol, which is designed to provide a mix of security services in IPv4 and IPv6. ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. This document obsoletes RFC 2406 (November 1998). [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4303"/>
          <seriesInfo name="DOI" value="10.17487/RFC4303"/>
        </reference>
        <reference anchor="RFC5052">
          <front>
            <title>Forward Error Correction (FEC) Building Block</title>
            <author fullname="M. Watson" initials="M." surname="Watson"/>
            <author fullname="M. Luby" initials="M." surname="Luby"/>
            <author fullname="L. Vicisano" initials="L." surname="Vicisano"/>
            <date month="August" year="2007"/>
            <abstract>
              <t>This document describes how to use Forward Error Correction (FEC) codes to efficiently provide and/or augment reliability for bulk data transfer over IP multicast. This document defines a framework for the definition of the information that needs to be communicated in order to use an FEC code for bulk data transfer, in addition to the encoded data itself, and for definition of formats and codes for communication of that information. Both information communicated with the encoded data itself and information that needs to be communicated 'out-of-band' are considered. The procedures for specifying new FEC codes, defining the information communication requirements associated with those codes and registering them with the Internet Assigned Numbers Authority (IANA) are also described. The requirements on Content Delivery Protocols that wish to use FEC codes defined within this framework are also defined. The companion document titled "The Use of Forward Error Correction (FEC) in Reliable Multicast" describes some applications of FEC codes for delivering content. This document obsoletes RFC 3452. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5052"/>
          <seriesInfo name="DOI" value="10.17487/RFC5052"/>
        </reference>
        <reference anchor="RFC5401">
          <front>
            <title>Multicast Negative-Acknowledgment (NACK) Building Blocks</title>
            <author fullname="B. Adamson" initials="B." surname="Adamson"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="M. Handley" initials="M." surname="Handley"/>
            <author fullname="J. Macker" initials="J." surname="Macker"/>
            <date month="November" year="2008"/>
            <abstract>
              <t>This document discusses the creation of reliable multicast protocols that utilize negative-acknowledgment (NACK) feedback. The rationale for protocol design goals and assumptions are presented. Technical challenges for NACK-based (and in some cases general) reliable multicast protocol operation are identified. These goals and challenges are resolved into a set of functional "building blocks" that address different aspects of reliable multicast protocol operation. It is anticipated that these building blocks will be useful in generating different instantiations of reliable multicast protocols. This document obsoletes RFC 3941. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5401"/>
          <seriesInfo name="DOI" value="10.17487/RFC5401"/>
        </reference>
        <reference anchor="RFC5740">
          <front>
            <title>NACK-Oriented Reliable Multicast (NORM) Transport Protocol</title>
            <author fullname="B. Adamson" initials="B." surname="Adamson"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="M. Handley" initials="M." surname="Handley"/>
            <author fullname="J. Macker" initials="J." surname="Macker"/>
            <date month="November" year="2009"/>
            <abstract>
              <t>This document describes the messages and procedures of the Negative- ACKnowledgment (NACK) Oriented Reliable Multicast (NORM) protocol. This protocol can provide end-to-end reliable transport of bulk data objects or streams over generic IP multicast routing and forwarding services. NORM uses a selective, negative acknowledgment mechanism for transport reliability and offers additional protocol mechanisms to allow for operation with minimal a priori coordination among senders and receivers. A congestion control scheme is specified to allow the NORM protocol to fairly share available network bandwidth with other transport protocols such as Transmission Control Protocol (TCP). It is capable of operating with both reciprocal multicast routing among senders and receivers and with asymmetric connectivity (possibly a unicast return path) between the senders and receivers. The protocol offers a number of features to allow different types of applications or possibly other higher-level transport protocols to utilize its service in different ways. The protocol leverages the use of FEC-based (forward error correction) repair and other IETF Reliable Multicast Transport (RMT) building blocks in its design. This document obsoletes RFC 3940. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5740"/>
          <seriesInfo name="DOI" value="10.17487/RFC5740"/>
        </reference>
        <reference anchor="RFC5775">
          <front>
            <title>Asynchronous Layered Coding (ALC) Protocol Instantiation</title>
            <author fullname="M. Luby" initials="M." surname="Luby"/>
            <author fullname="M. Watson" initials="M." surname="Watson"/>
            <author fullname="L. Vicisano" initials="L." surname="Vicisano"/>
            <date month="April" year="2010"/>
            <abstract>
              <t>This document describes the Asynchronous Layered Coding (ALC) protocol, a massively scalable reliable content delivery protocol. Asynchronous Layered Coding combines the Layered Coding Transport (LCT) building block, a multiple rate congestion control building block and the Forward Error Correction (FEC) building block to provide congestion controlled reliable asynchronous delivery of content to an unlimited number of concurrent receivers from a single sender. This document obsoletes RFC 3450. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5775"/>
          <seriesInfo name="DOI" value="10.17487/RFC5775"/>
        </reference>
        <reference anchor="RFC6726">
          <front>
            <title>FLUTE - File Delivery over Unidirectional Transport</title>
            <author fullname="T. Paila" initials="T." surname="Paila"/>
            <author fullname="R. Walsh" initials="R." surname="Walsh"/>
            <author fullname="M. Luby" initials="M." surname="Luby"/>
            <author fullname="V. Roca" initials="V." surname="Roca"/>
            <author fullname="R. Lehtonen" initials="R." surname="Lehtonen"/>
            <date month="November" year="2012"/>
            <abstract>
              <t>This document defines File Delivery over Unidirectional Transport (FLUTE), a protocol for the unidirectional delivery of files over the Internet, which is particularly suited to multicast networks. The specification builds on Asynchronous Layered Coding, the base protocol designed for massively scalable multicast distribution. This document obsoletes RFC 3926. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6726"/>
          <seriesInfo name="DOI" value="10.17487/RFC6726"/>
        </reference>
        <reference anchor="RFC8446">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="RFC9019">
          <front>
            <title>A Firmware Update Architecture for Internet of Things</title>
            <author fullname="B. Moran" initials="B." surname="Moran"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="D. Brown" initials="D." surname="Brown"/>
            <author fullname="M. Meriac" initials="M." surname="Meriac"/>
            <date month="April" year="2021"/>
            <abstract>
              <t>Vulnerabilities in Internet of Things (IoT) devices have raised the need for a reliable and secure firmware update mechanism suitable for devices with resource constraints. Incorporating such an update mechanism is a fundamental requirement for fixing vulnerabilities, but it also enables other important capabilities such as updating configuration settings and adding new functionality.</t>
              <t>In addition to the definition of terminology and an architecture, this document provides the motivation for the standardization of a manifest format as a transport-agnostic means for describing and protecting firmware updates.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9019"/>
          <seriesInfo name="DOI" value="10.17487/RFC9019"/>
        </reference>
        <reference anchor="RFC9124">
          <front>
            <title>A Manifest Information Model for Firmware Updates in Internet of Things (IoT) Devices</title>
            <author fullname="B. Moran" initials="B." surname="Moran"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
            <date month="January" year="2022"/>
            <abstract>
              <t>Vulnerabilities with Internet of Things (IoT) devices have raised the need for a reliable and secure firmware update mechanism that is also suitable for constrained devices. Ensuring that devices function and remain secure over their service lifetime requires such an update mechanism to fix vulnerabilities, update configuration settings, and add new functionality.</t>
              <t>One component of such a firmware update is a concise and machine-processable metadata document, or manifest, that describes the firmware image(s) and offers appropriate protection. This document describes the information that must be present in the manifest.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9124"/>
          <seriesInfo name="DOI" value="10.17487/RFC9124"/>
        </reference>
        <reference anchor="RFC9200">
          <front>
            <title>Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)</title>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="E. Wahlstroem" initials="E." surname="Wahlstroem"/>
            <author fullname="S. Erdtman" initials="S." surname="Erdtman"/>
            <author fullname="H. Tschofenig" initials="H." surname="Tschofenig"/>
            <date month="August" year="2022"/>
            <abstract>
              <t>This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE-OAuth. The framework is based on a set of building blocks including OAuth 2.0 and the Constrained Application Protocol (CoAP), thus transforming a well-known and widely used authorization solution into a form suitable for IoT devices. Existing specifications are used where possible, but extensions are added and profiles are defined to better serve the IoT use cases.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9200"/>
          <seriesInfo name="DOI" value="10.17487/RFC9200"/>
        </reference>
        <reference anchor="RFC9528">
          <front>
            <title>Ephemeral Diffie-Hellman Over COSE (EDHOC)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Preuß Mattsson" initials="J." surname="Preuß Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <date month="March" year="2024"/>
            <abstract>
              <t>This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys. EDHOC provides mutual authentication, forward secrecy, and identity protection. EDHOC is intended for usage in constrained scenarios, and a main use case is to establish an Object Security for Constrained RESTful Environments (OSCORE) security context. By reusing CBOR Object Signing and Encryption (COSE) for cryptography, Concise Binary Object Representation (CBOR) for encoding, and Constrained Application Protocol (CoAP) for transport, the additional code size can be kept very low.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9528"/>
          <seriesInfo name="DOI" value="10.17487/RFC9528"/>
        </reference>
        <reference anchor="I-D.ietf-ace-key-groupcomm-oscore">
          <front>
            <title>Key Management for Group Object Security for Constrained RESTful Environments (Group OSCORE) Using Authentication and Authorization for Constrained Environments (ACE)</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="14" month="March" year="2026"/>
            <abstract>
              <t>   This document defines an application profile of the Authentication
   and Authorization for Constrained Environments (ACE) framework, to
   request and provision keying material in group communication
   scenarios that are based on the Constrained Application Protocol
   (CoAP) and are secured with Group Object Security for Constrained
   RESTful Environments (Group OSCORE).  This application profile
   delegates the authentication and authorization of Clients, which join
   an OSCORE group through a Resource Server acting as Group Manager for
   that group.  This application profile leverages protocol-specific
   transport profiles of ACE to achieve communication security, server
   authentication, and proof of possession of a key owned by the Client
   and bound to an OAuth 2.0 access token.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-ace-key-groupcomm-oscore-21"/>
        </reference>
        <reference anchor="I-D.ietf-core-oscore-capable-proxies">
          <front>
            <title>OSCORE-capable Proxies</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   When using the Constrained Application Protocol (CoAP), messages
   exchanged between two endpoints can be protected end-to-end at the
   application layer by means of Object Security for Constrained RESTful
   Environments (OSCORE), also in the presence of intermediaries such as
   proxies.  This document defines how to use OSCORE for protecting CoAP
   messages also between an origin application endpoint and an
   intermediary, or between two intermediaries.  Also, it defines rules
   to escalate the protection of a CoAP option, in order to encrypt and
   integrity-protect it whenever possible.  Finally, it defines how to
   secure a CoAP message by applying multiple, nested OSCORE
   protections, e.g., both end-to-end between origin application
   endpoints; and between an application endpoint and an intermediary or
   between two intermediaries.  Therefore, this document updates RFC
   8613.  Furthermore, this document updates RFC 8768, by explicitly
   defining the processing with OSCORE for the CoAP Hop-Limit Option.
   The approach defined in this document can be seamlessly employed also
   with Group OSCORE, for protecting CoAP messages when group
   communication is used in the presence of intermediaries.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-oscore-capable-proxies-06"/>
        </reference>
        <reference anchor="I-D.ietf-suit-manifest">
          <front>
            <title>A Concise Binary Object Representation (CBOR)-based Serialization Format for the Software Updates for Internet of Things (SUIT) Manifest</title>
            <author fullname="Brendan Moran" initials="B." surname="Moran">
              <organization>Arm Limited</organization>
            </author>
            <author fullname="Hannes Tschofenig" initials="H." surname="Tschofenig">
              <organization>University of Applied Sciences Bonn-Rhein-Sieg</organization>
            </author>
            <author fullname="Henk Birkholz" initials="H." surname="Birkholz">
              <organization>Fraunhofer SIT</organization>
            </author>
            <author fullname="Koen Zandberg" initials="K." surname="Zandberg">
              <organization>Inria</organization>
            </author>
            <author fullname="Øyvind Rønningstad" initials="O." surname="Rønningstad">
              <organization>Nordic Semiconductor</organization>
            </author>
            <date day="18" month="June" year="2026"/>
            <abstract>
              <t>   This specification describes the format of a manifest.  A manifest is
   a bundle of metadata about code/data obtained by a recipient (chiefly
   the firmware for an Internet of Things (IoT) device), where to find
   the code/data, the devices to which it applies, and cryptographic
   information protecting the manifest.  Software updates and Trusted
   Invocation both tend to use sequences of common operations, so the
   manifest encodes those sequences of operations, rather than declaring
   the metadata.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-suit-manifest-37"/>
        </reference>
        <reference anchor="I-D.ietf-core-multicast-notifications-proxy">
          <front>
            <title>Using Proxies for Observe Notifications as CoAP Multicast Responses</title>
            <author fullname="Marco Tiloca" initials="M." surname="Tiloca">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Rikard Höglund" initials="R." surname="Höglund">
              <organization>RISE AB</organization>
            </author>
            <author fullname="Christian Amsüss" initials="C." surname="Amsüss">
         </author>
            <author fullname="Francesca Palombini" initials="F." surname="Palombini">
              <organization>Ericsson AB</organization>
            </author>
            <date day="22" month="April" year="2026"/>
            <abstract>
              <t>   The Constrained Application Protocol (CoAP) allows clients to
   "observe" resources at a server and to receive notifications as
   unicast responses upon changes of the resource state.  Instead of
   sending a distinct unicast notification to each different client, a
   server can alternatively send a single notification as a response
   message over multicast, to all the clients observing the same target
   resource.  When doing so, the security protocol Group Object Security
   for Constrained RESTful Environments (Group OSCORE) can be used to
   protect multicast notifications end-to-end between the server and the
   observer clients.  This document describes how multicast
   notifications can be used in network setups that leverage a proxy,
   e.g., in order to accommodate clients that are not able to directly
   listen to multicast traffic.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-core-multicast-notifications-proxy-01"/>
        </reference>
        <reference anchor="FIPS203" target="https://doi.org/10.6028/NIST.FIPS.203">
          <front>
            <title>Module-Lattice-Based Key-Encapsulation Mechanism Standard</title>
            <author>
              <organization/>
            </author>
            <date year="2024" month="August"/>
          </front>
          <seriesInfo name="NIST" value="FIPS 203"/>
        </reference>
        <reference anchor="NIST-800-56A" target="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf">
          <front>
            <title>Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography - NIST Special Publication 800-56A, Revision 3</title>
            <author initials="E." surname="Barker" fullname="Elaine Barker">
              <organization/>
            </author>
            <author initials="L." surname="Chen" fullname="Lily Chen">
              <organization/>
            </author>
            <author initials="A." surname="Roginsky" fullname="Allen Roginsky">
              <organization/>
            </author>
            <author initials="A." surname="Vassilev" fullname="Apostol Vassilev">
              <organization/>
            </author>
            <author initials="R." surname="Davis" fullname="Richard Davis">
              <organization/>
            </author>
            <date year="2018" month="April"/>
          </front>
        </reference>
      </references>
    </references>
    <?line 1090?>

<section anchor="alternatives">
      <name>Alternatives for Group Content Distribution</name>
      <t>Other relevant approaches have been proposed for distributing content to multiple recipients over IP multicast. In the following subsections, those are briefly overviewed and functionally compared with the method described in this document.</t>
      <section anchor="sec-flute">
        <name>FLUTE</name>
        <t>The protocol File Delivery over Unidirectional Transport (FLUTE) <xref target="RFC6726"/> provides unidirectional delivery of files from a single sender to multiple recipients, without requiring communication in the opposite direction. Building on the Asynchronous Layered Coding (ALC) protocol <xref target="RFC5775"/>, the "objects" that are transferred in FLUTE are files and File Delivery Tables (FDTs) providing metadata and information related to the transferred files. Each object is identified by a Transmission Object Identifier (TOI) chosen by the sender and is sent through one or more ALC packets over UDP and IP multicast.</t>
        <t>In FLUTE, the sender creates a "session", as a bundle of channels within which objects will be distributed to all the recipients that have joined those channels. A channel is identified by an IP multicast address and port number where FLUTE packets will be sent, while a session is identified by the IP address of the sender paired with a Transport Session Identifier (TSI) chosen by the sender.</t>
        <t>To provide reliability and avoid the need for communication from the recipients to the sender, FLUTE uses Forward Error Correction (FEC) <xref target="RFC5052"/> for each packet, indicating the specific FEC scheme used on a per-packet basis. Consequently, as long as it correctly receives enough packets, a recipient is able to recover the whole object, even in the case of packet loss or packet corruption.</t>
        <t>FLUTE acknowledges the risk of attacks where an adversary corrupts packets or inject corrupted ones, which can prevent recipients from recovering a distributed object. To counteract such attacks, FLUTE recommends to provide source authentication and content integrity both at an object level (e.g., through a digital signature) and at a packet level (e.g., through a group-keyed message authentication code). While FLUTE does not provide means to enforce such countermeasures, FLUTE recommends to rely on IPsec/ESP in transport mode <xref target="RFC4303"/>.</t>
        <t>In comparison with FLUTE, the following holds for the method described in this document.</t>
        <ul spacing="normal">
          <li>
            <t>The metadata and other information related to the image to transfer are separately distributed as part of the corresponding manifest (see <xref target="sec-release-notif"/>).</t>
          </li>
          <li>
            <t>The Proxy corresponds to the FLUTE sender and provides the Devices with the inner chunks of the image retrieved from the Distributor (see <xref target="sec-distribution"/>). In particular, each inner chunk corresponds to a file object in FLUTE and is transferred during an epoch, which corresponds to a FLUTE session consisting of a single channel. Within an epoch, each outer chunk corresponds to a FLUTE packet.</t>
          </li>
          <li>
            <t>Information to participate in the distribution of the image (i.e., equivalent to parameters for the file delivery session in FLUTE) is split into security-related and transport-related. The former information is obtained when joining the OSCORE group that includes both the Devices and the Distributor (see <xref target="sec-arch"/>). The latter information is provided by the Proxy to the Devices as they enroll in an epoch, by means of the "Hold-on Response" sent during the "Admission" phase of that epoch (see <xref target="sec-distribution-proxy-admission"/>).</t>
          </li>
          <li>
            <t>Integrity at the image level relies on the digital signature computed over (a digest of) the image and included in the manifest (see <xref target="sec-arch"/>).</t>
          </li>
          <li>
            <t>Protection of the inner chunks relies on using the group mode of Group OSCORE, providing source authentication and end-to-end security between the Distributor and the Devices through the Proxy. This corresponds to the protection at the file level in FLUTE.</t>
          </li>
          <li>
            <t>Integrity of the outer chunks relies on the embedded checksums computed by the Proxy (see <xref target="sec-mac"/>). This corresponds to the integrity protection at the packet level in FLUTE.</t>
          </li>
          <li>
            <t>Unlike in FLUTE, there is communication from the Devices to the Proxy, i.e., to subscribe for the latest manifest as well as to enroll in the distribution of inner chunks of the image.</t>
          </li>
          <li>
            <t>Unlike in FLUTE, there is no required use of FEC, e.g., on the distributed outer chunks. Instead, during an epoch transferring an inner chunk, Devices can request the retransmission of outer chunks that were not received correctly in that same epoch. Those can be selectively re-requested from the Proxy during the "Recovery Claim" phase of that epoch, so that they are distributed again during the immediately following "Recovery Transfer" phase of that epoch.  </t>
            <t>
Also, consecutive epochs are used to transfer consecutive inner chunks of the image. After the last inner chunk of the image has been transferred, the next epoch is used to transfer again the first inner chunk of the image, i.e., the transfer of the whole image is repeated. While this enables newly-enrolled Devices to start retrieving the image, it also allows previously-enrolled Devices to enroll in the new transfer of the image for retrieving inner chunks that they did not successfully receive during a previous distribution.</t>
          </li>
        </ul>
      </section>
      <section anchor="norm">
        <name>NORM</name>
        <t>The protocol NACK-Oriented Reliable Multicast (NORM) <xref target="RFC5740"/> provides efficient, scalable, robust, and reliable transport of bulk data objects or streams from one or more senders to a group of receivers over an IP multicast network.</t>
        <t>NORM data objects are sent to the IP multicast address and port number associated with a NORM session. Each node participating in a NORM session is identified by a session-unique NormNodeId. The transfer of a NORM data object occurs within an instance of NORM session, which is identified by a NormInstanceId. Specifically, transmitted NORM data objects are temporarily, yet uniquely, identified within the NormSession context using the data sender's NormNodeId, the NormInstanceId, and a temporary NormTransportId associated with the data object.</t>
        <t>To provide reliability, NORM relies on Forward Error Correction (FEC) repair <xref target="RFC5052"/> as well as on a selective, negative acknowledgment (NACK) mechanism <xref target="RFC5401"/> as a feedback from the data receivers to the data sender.</t>
        <t>According to the specific FEC scheme used, the data sender splits the data object into FEC coding blocks, each of which is organized into a number of segments. Each segment comprises one or more source or encoding symbols, and it is conveyed as the payload of a NORM_DATA message. Consequently, as long as it correctly receives enough messages, a receiver is able to recover the whole data object, even in the case of message loss or message corruption.</t>
        <t>A receiver can transmit a negative acknowledgment (NACK) message in order to request a repair transmission of data and/or FEC content from the data sender. A receiver prepares a NACK according to a process that is triggered by local timeouts or by the reception of specific NORM_CMD(FLUSH) messages from the data sender that elicit for a NACK. The actual transmission of a NACK is probabilistically suppressed based on exponentially distributed random backoff timers, in order to avoid an implosion of redundant feedback in the network. Like other feedback messages, NACK messages can be transmitted over multicast to the group at large, or instead over unicast to the data sender. In the latter case, the data sender aggregates the received feedback and relays the result over multicast to the group at large, by means of specific NORM_CMD(REPAIR_ADV) messages.</t>
        <t>Regarding security, NORM acknowledges the risk of attacks where an adversary might engage in excessively transmitting NACK messages, in an attempt to prevent the data sender from making forward progress in the reliable transmission of data. To counteract such a risk and achieve other security properties, NORM suggests the use of IPsec <xref target="RFC4301"/>, with which NORM implementations are required to be compatible. Furthermore, NORM recommends the additional use of application-level integrity-checking of received data content, even when IPsec is used.</t>
        <t>In comparison with NORM, the following holds for the method described in this document.</t>
        <ul spacing="normal">
          <li>
            <t>The metadata and other information related to the image to transfer are separately distributed as part of the corresponding manifest (see <xref target="sec-release-notif"/>).</t>
          </li>
          <li>
            <t>The Proxy corresponds to the NORM data sender and provides the Devices with the inner chunks of the image retrieved from the Distributor (see <xref target="sec-distribution"/>). In particular, each inner chunk corresponds to a data object in NORM and is transferred during an epoch, which corresponds to a NORM session. Within an epoch, each outer chunk corresponds to a NORM_DATA message conveying a segment.</t>
          </li>
          <li>
            <t>Information to participate in the distribution of the image (i.e., equivalent to parameters for the NORM session) is split into security-related and transport-related (see the third bullet point in <xref target="sec-flute"/>).</t>
          </li>
          <li>
            <t>Integrity at the image level relies on the digital signature computed over (a digest of) the image and included in the manifest (see <xref target="sec-arch"/>).</t>
          </li>
          <li>
            <t>Protection of the inner chunks relies on using the group mode of Group OSCORE, providing source authentication and end-to-end security between the Distributor and the Devices through the Proxy. This corresponds to application-level integrity-checking of received data content that NORM recommends.</t>
          </li>
          <li>
            <t>Integrity of the outer chunks relies on the embedded checksums computed by the Proxy (see <xref target="sec-mac"/>). This corresponds to the integrity protection of NORM_DATA messages, e.g., from using IPsec.</t>
          </li>
          <li>
            <t>Unlike in NORM, there is communication from the Devices to the Proxy for actively enrolling in and triggering the distribution of inner chunks of the image.</t>
          </li>
          <li>
            <t>Unlike in NORM, there is no required use of FEC, e.g., on the distributed outer chunks.</t>
          </li>
          <li>
            <t>During an epoch transferring an inner chunk, Devices can request the retransmission of outer chunks that were not received correctly in that same epoch. Those can be selectively re-requested from the Proxy during the "Recovery Claim" phase of that epoch, so that they are distributed again during the immediately following "Recovery Transfer" phase of that epoch.  </t>
            <t>
Unlike in NORM, such repair requests are only intended to the Proxy, ask for the retransmission of exactly one outer chunk each, and are only pertinent to the "Recovery Phase" of the specific epoch for which the requested outer chunks have been missed. Therefore, only such outer chunks are going to be distributed again in the immediately following "Recovery Transfer" phase of that epoch. Instead, outer chunks of a different inner chunk are distributed during the later epoch corresponding to that inner chunk, consistent with the sequential and cyclical distribution of inner chunks, each during an exclusively dedicated epoch.</t>
          </li>
        </ul>
      </section>
    </section>
    <section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>The author sincerely thanks <contact fullname="Christian Amsüss"/>, <contact fullname="Peter Blomqvist"/>, <contact fullname="Carsten Bormann"/>, <contact fullname="Rikard Höglund"/>, <contact fullname="Göran Selander"/>, and <contact fullname="Mališa Vučinić"/> for their comments and feedback.</t>
      <t>The work on this document has been partly supported by the Sweden's Innovation Agency VINNOVA and the Celtic-Next projects CRITISEC and CYPRESS.</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA+292XYbV7Yg+M6viKbXapNOABYpyZaZ6ayiSCrFZQ1sUkpn
9u1bWkEgAEYqEAFHBEjxSq7Xeup/6P6JeuqnvtX/1Xs8U5wAQEl2OusmVzpF
AhFn2GefPQ/D4XDr+iC5v7XV5m2RHSTHedPW+eWyzasyqabJRTVtb9I6S14v
JmmbNclN3l4lJ+Vk2FZD+Ce5yMZL+PpPdbVcJEfVfL4s83FKr6fw9eOiGr8d
/pg3WfKqTstmmtXJtKrhycOzrfTyss5g+osfZXgeHb+TAcfugFuTalymc1jl
pE6n7bDNYfB02O639WzY3AyXNMZwhm/ii8MCV9xubeWL+iBp62XT7t+79929
/a2b2UHy6iovZ7gL+iU5z5osrcdXPPHW25uD5LRss7rM2uExTrcFizhIsneL
rWZ5Oc+bBlbU3i5gNafnr55sbY2rCYxzkCzb6fDR1la6bK+q+mAroZ+h/Jsk
edkcJM9HyStavPmY9/UcVlCFX1U1jHp+enGSHD42H8IpZRms57RJp3+r6kkz
S9u0TPb3zRPjvL09SH6A87RDwRphlouT4d43D5IH95zPl2Vbw+MXN9kkK83n
2TzNi4NkjssaMbj/c52Pmmxrq6zqOZzKdYZbPH9y9PDRN98dJFdvJ1P++9u9
/XsHSZ6W6RDgWtwO0wJfp3PkB/Yf7h/AzOlC/v7mwd5BUl02WX2dyUffPYQx
LwmFbgCF+NNHe/vfyMizZT7JirzMGvnq/v59HnPYjmXcR9/swULGk0lh/oZn
qmZc1Trgtw9wJZdVPWyyn+Sz7x58x5/x39/d49XqIuDv+/w3bGwm03+39wim
ulq8xYdOh8ejPANkwImGV3U2ha/g//2v4H18XoaKvspLtWh9kNCvQ7MF/3GL
/pd5o88KmP0nx+n4KksvC50CFhF80l0LH89wvixauJVNOyyrNp/KBYXpgi9g
gKOXFyejw2JW1XC35w3fCP92EIafHr44pL/xEh8k07QgWCeJUCYcJ7Hj8Fdp
PcNbcNW2i+bg669vbm5GiBgjGPHrFK7orJxnZdt8jdCl/xu9u2rnxRepOw7S
m9HLBe5g9GI5v8zqT1gl0i4eK5Gx7rpSAPMirYEeAPXp/C3rr2iGYSkzbOXl
NLiPD+7fg+uUL5psbD64jx8Ajo+HWSO34yHh9VQfevgA3yrT8Vv5+9sHgNF4
1/Xvbx8eJGkhj3/zLV7FabFs9So9eAAftIVeiHt7cIuaZd4OkbbqLdl/IB/O
0zKfIonmL4A6w+BjvWIP9x8BwZ1cVWMXD+H74dvs1sFzxV78Ri/LvO8ajdMF
Ifiirt7lWaOUQP92X/OWGKx4KKTBn6PnWtDgt53LwR/DIE9Ozy724XRcRHpe
TZawzGdpC69kw8dpk02SH2DfJyVsoVkWzGOfZ+MrWFIzTy6A/k/SeuJg5/69
/QfDe4/oE7i3sD3EE8Xn7RenF6+2D5JtnB6evb8dxdRJlROS7t0bfXNv/9HX
+NYIXxnBK/AG/j18dO/e8OE3h7FrE7C+k1HyOK3fZnXA+k6KFOi4/13w6rNR
cnTlcCd+8Vle3LqfBy8djpLzaga/vr0NXjwsiqwMv+y+/We8nUV2Hb69qJq2
KsKvg/fPR8lxep03wcvnOZxaPXG+k1M/zxCjMzhIOl2UlM7SvGYBik4f2Pll
kTdXSC2SCyDXcxDKXjcowoDsNq6BSiTPqllK1C05qm8XbTWr08XVbTKks0ou
Ftk4T4vkbAkDiagm5zeABcCK8JP7Hh7tPRreexBFj/K6WCwvmxHgYDuaVddf
4y/4ydcyjzNNw8hzcTaS+er7owUIDFuwF5RWYIKLk2dPACX/Be7/8C/w86/b
W1vD4TBJL0HiSccgzIG41iQgCS4JApNsiuw/SROgj1fVhECWTeHq5fA1YMbE
CLQAoTRpVJ5lYTFpK76ViyKTrcGQ13DjmkFyeZssCbAZi7vwD1wjEndnXek0
qa5Btn19fEZy7+mZve0g7FVJi8uGEQbwWybLnuiiaxBiYBMoMydM01H2vlzm
BcqULAE1uLCsqBbwWl7SKEcAUoAKjXR+cvFquixANL/O64qZSbJzVJ2f7CY/
VvVbHIdlahgZXz49efUEVnYFTDEBdkBnBfDKy3GxnGSd8Q8XC4MtZ3XVVmNA
/h1kd7sDkfJRRAMxm6X8xoj5AwIIjhfCEc48WehYvLiXl3/Lxi1rFfg1D7Ju
m/LuxdFL2C5uKlPIKqAJYi7iwO9wfAvYEHAD1jt2AEuA1yEGLGCN+FRV7tLK
kXvlLawMDx/XZPAI9zbN67mLVJ2D6mhROISqF3ggpIPARi5en75adV5bfBvm
OYizIIR/gYPUwCnGdC5fJO+/yPGDn/GawMuzqwq2hG/Damo6PLj4iytgJjJs
XicFMLTx7bjIBklOcLnOW3iqvUrNXQDBsMRbBQAACQOwpM7GGfxGuwdCB88X
8NlPy7yGTRvY7Fz8uCswafBUYGz833xR1cCsGNZVSUgH0tUEsB6uYzqZ0LDZ
uxYRZZqlCHS4HPQtvFzDRUtgOyTxlGNYNp4bCGIVv+fisjcsjNLQIwvQOvF0
DRJeL4sS4HOZF3mb41pP4dyWdSmXNdSJf9RN4Qx522TFNAGY4jSXGRIZJhK0
GiVFiOhjXADBtRmnBSrTGcCNcA/nafJ/02Pp0CkcyzxoSYRPskafSh3Nzv5J
Fz8DXUzevyfF6+ef11BIfNBqufj4r0sxcX5Xp/z5Z8KkznGAmAO3ZEYIhevG
pdH6SZBFsllUt/D4ZdbeZJmeBXzvYxAil4PWPFZCimUNQjzjYmNNUVWtZ2Pw
k2k8T2uxTc1T+Kj7NmMrzULI+OroTM8G7QQ//0zrANEJRORrXB/eMaA/w7wc
onUh2c5LoA/J+GpZvt3uLCaZ1tU8nNS5Js7ZnyBRa1S0Owf0RmWETWNIFZOd
xyfnr3b91Y2SQ148ELAFnCwQiToHqRWmnuAs4XZxM+OqvM5uCZJAouzqkQAj
AgHKwMsOerlnFg6Gn/USAReTAG1+BEkcjtR7HFfTwsEyZPnUcP/VZQs4ioPg
52yts2AdOE9bQoCfLZl9uTO7jB6BFxgyEIivkPDmDXG5FWftAit2sEk+JcaV
FnWWTm6T9DrNCzpFZgZsRFG4lfwnz2POj3gAHxF/40wKpz1tkWfBMwNL62Dr
8MI4W8AMtCzYZaBPIuFwQbYgmLVV9/z4miBPr2vYka4LQEN2BEKbSxUd2nwO
L+BWWDyYVXRilWUeWbgH4bLVdU5rbxW9h0RPgf0kxmAhV4EFCkYFPCYHHoJT
9DmtBS48YqDdKo0/z9sOLInxF0UEgRF/p8savgBZDgDVEtXBDZbwTjOHt+Cb
bYCBjtVsD5IMzhIx7+YKFDgWIfEM+Rqm4SXt43tdsqAsIWQEgAut8gGct1nC
tPrwILYtEkmLorqBNeFGssKR2X5a4gVz9yRQvcpuQYABsQrt2hmLCTg4sJSa
hGXvOBQ/M0P3x0VaC46brQiVjAxBgncBiurEHCJJRgBPQNqMyJquAK+m++5A
YO/iuV7l6G2le2jxI3IZGmQ2gO7XwFVOUC5cIsN38UvXG99hgUfae4FxbNjF
jQE/YS+vNSSTsDrdzQYUEaTu2pJUguClAYcSVVBN/NUFVxMwPgqTjihJ8rXK
k1fVDb5GboMM1XKkJWkLNB7Gn6WoEShdRJH6ltEMnyFkBGEc7kaT1gjaZQF8
KG3QiiNCPW4D7WwLMnLJRry71QBiw5qE9wkRiB+txwtJssa77V0CFiZk+bDn
MlvCGRcgjdO9hoshtoMr5NBAzUHoXM6T67RYEjFaLB1GzIthvYgkRmJJdHHN
6kfJY1Kh6FXm0ZMEIJJPzSp1lkG4IdTE2qslcfH5gmT4DLk5rG9RNQ1psxZ4
rLDAK85+aTag3WO0QHlsyQIK0CJF7Qb2mE9EGPyFNWrA8pguLRzDcHZjTBap
7RfVtb/4InmVIT+simp2m3yBCnZrP/iZAfMWqOcN+uCS7eevL14Bn6B/kxcv
6ffzk//t9en5yTH+fvH08Nkz88uWPHHx9OXrZ8f2N/vm0cvnz09eHPPL8Gni
fbS1/fzwr9usLWy/PHt1+vLF4bPt7skgNFg3zREOCzQSgtzdbE2yZgyEkoH3
+Ojs//2/9h4AkP+X8ydH+3t73wGI+Y9He98+gD9QCODZSGvnP5F5bKULoNs1
joKXa5wu0ITQEPWDW3NTJsBnM4DoV/+CkPnXg+QPl+PF3oM/yge4Ye9DhZn3
IcGs+0nnZQZi5KPINAaa3ucBpP31Hv7V+1vh7nz4h/9EkuRw79F/+iNg0TnI
iaju4TFk7xYsevN5TNM5EEiAnNFbEL0M2WJxD4TflF85AAgajVFVS6LMS2Xb
MQ3cqHf8Cp9gVBHCIyJqSJNkqq00oGWSfoZPiw9QxnGkmFB40bE6mmujQjuO
JvI5DeZJ9B2l1KrFS2O/Qh7ZsoUnK0kKF9Gf+Q48ZLWdgIXE1QQLgHKMmzpO
2zQ5RpqXEyyfpeVsCTow6PjHx89YU5tMClydvvIYVDNgbaKYn2dw35Bd8Vns
HD1+ec6vXVa1bgo/NJp8PiuVKZyUY7Tg84svL05EM0Twyi/kfhaFvcOvfbVp
WqFgSBzG0jBCqdM57OgAWMglL531k7RkxU0Iq0pBSKmRqQhLGqBlbgGiCH6Y
t8xMcxwQpMnZVctkh8xpGLWwJIpPBMcYmOjpxh4vHAUfE4koMB0PpMoD2WPI
0KbMAkQu2C5pdvworLvJm1bWmU9BXEMfQ1ooW5E9ET3M+EHHpEhY8Nx4/lIY
ryBBmvkpcMJ0gnhhlSTeMJkzyPslRmgZgtSmDE2MjqTAD6o8Jjiq0tO8mlj/
IS3nkL1qog60RqrScZtgHTRF01TjnCbVpdBYx3RyBypbEJSsOYM4PxpfmUyx
lq4kCWSSjGwKOBEPZqXt7uqsjrjh+hBZL7OrtJjqDReAukeCt7ha1mPCWf0d
pNKGQNh2bTGs79pJcItEWd27KSZqMx78zrSO6IpL+Ubm0nzkSkoFRHQdaNh/
rIr/YzZyouiBnns1CDCpbUQE8UzU6wS1Ak+9uN3QusqiO7AuOPl5WpNUnIcE
pVkCaMaKrCAnEa3tWTOzoa0teiZH/egmuxwatcrYN0PRj7nXKDltA8I2LtCc
PRQLIqhXDcI2e4eucSRD1SQrCOdoIeY1nzIDbbhoEf1NnNoOmk53kbalk3w2
J/aajlHRUvLsaSnm9P3TbBxsSMXKOWL4yEpZqAeCBt+wsskaFajHl1mTT8je
ukhviyqdiMV0jr5+wCfQTki4GNAQaqNmS+eCZxd7yoQMpHyhJpNcdiyM1IDc
4fgkJCzkOfXCGLLmza4T4zqvAUWIoxZZOQNUf1W9zUog1BmoeTdkVGe9Cc6d
ZBa00CgV4CvEuojcWJ8ViA4t4IMh2tuF8ANjY8omxvLCnqGcWRkxxMuMZ6Un
ajW/mncbVtTgVqJkhBD4Mbu8AJzN2qYjKNEaylSsK81ywSNIIEnXGs5GW0FW
tOgsqhxt8QRo/k4w2Hw3AooHH9egH9NRVjKqmUQAf0AyImluBqeCae18ytxJ
L8tBDW3JvSGKPMG9KpFGV2gd+z0JVILffDRmCjIwoVQo5yJmDW+jDVw/lHsd
pxOh8HWVy5GyxcdZA37My3Ch0vyeWSVzaXzGYC2dn6i76bgGNdjy/EAULrIZ
QPWMlHTjE3U8MUjoQKFO80LJzoXw/Yejb/GqKBWS8yes6iLBBlK4Y5BOQ+RA
fG0yuulIawp1rKkNifk2HbfKUHCO+SJnryaBC+lNRe7RbDQbDVa64UhI57eY
jkzy63xCdjCyI4t1BaUNbx0gyeAyxWiR1wntlvkzS9kRm6nD9OF9pg9ME6wn
NJ0HW3a4iqoifdxFufTWlj6Jk5aWttnTDjmMZfAJ2ZzZUCvDDJAc8fkwFyB6
Z6i+Q97JGmyIrDW9it38Ek9rBhw7q0kNp/O/lFfZ8JlaEQe9P0CVcEJ045lb
aKyd8qKI6ygSO0wR5yPL7iWam5jCmql1UvJ3M+WDYdAPYDm74+kWW1GMycHR
UQRAA0ilj8q6FEHciDhHCxOzHa92lJwIttBqel5xHSdqXu5bFxniNsI5Yx5n
3xoem2tktOAkuysHVbB06MiOFsd8CcVDXAkPde2DNJpM7A5rVsUGRb5MUbA4
F8RRyY0s03dZHIV9a8t5ceMr47srflRokgJB4CJKb4SyaZ3O5vZ0QBitbmB5
wLyA+HhuclbnG/Mm4hESKDwBdNho9AqSwiGFTqSOK57UM8QtMf0nO5fV5HaX
3TtKNAfG0UOPA/EiWRzgVatkIlKwHK/a2asx4F2j8j3BhXYgfmS8BXRjGjw9
0jsLSynpDGlYE+yB5A7XhxOSEVmEPV999YRGjXJi4Fjqj2SgzoaA8NmcZBsX
s2gOZArGK+bLVyLyIxOUCJ/JJohNp7ZnzUH7guKNxlGQV2oB0FvUeAltOAVh
kYvjUSEjy8lPp9ZKmpgBaPxvcofk7hu4cNAQWjHqijcc87rJscIVeqKOL4yQ
ukGjpRU1QwFzjfg4CEMMUFLQ29N8RFCAur78AyDcWX0KxGJw9uwdXpCc5T1S
CNTdIHoAzkPMYEFy2Jh4Hn5oAKq0V3zdBlFLgjWJeoJESMTxVu7d238ARLRF
WcAQW+OqACUtW6hdhc6nO5sNEECRg87dGKiIt6XmHuOMTAnFiNgrJLC9D2WE
jwmf0cAZ0l67kTkducIEIciyxODTBHpgTzxGIMLj25PlmJTQkOSpZYVk986L
bL8xXnZ8Aw2HbhQWEtb0LTtF83KxbMV7xF5/d7lquYKl8OPwlDzPuxwGpld9
TzRSURkte2TQSCIGC2BuWEDWHVZGHAgDVxpo9utfFTfmQOiFNydR/LbN5gt0
WLHhNeqcMyT4sQbBkP3W2HQJieg4spLTwtjIixksxn7LYaSKOlYXGeiirsh1
XKA98yYjq2bOlgEy8QhTBHxvXL1IrJcyBJAVip108IpExAkzJZh4QJx6VtOv
OI5Ks0sMXmlNDN/UICk5dShwMSXDFTA+RWc6N5LgOidl6Dp6CW1Quhpzq2U5
MaJgTOUXNweFoUR9EWpP4AuwbKxm1CNFIk/y5iVKGpG92P3Z+H4MADdGiiZX
VTHhpXkcaEzkdAez6pZo/NntNwuQ0+emSsyRGd3/Isdx5HM3ksNQDysaLCgW
gOQF967Rfb5iExKChLmTob6kQ8hfTvyerJUYToH+zWyhqK/bYMZXGZc9C2PW
bJw2KDQ94QgbZAsD1GTHmXvrhO1SdFO4cFeKEktEsDEZBAOKS8e9LBKVxhkZ
3gzSHYiPxa2hYogoaoGyT/n0eIdVZ9SaK/KWcXA5iIi0I1nCTVUDvyNp4VqX
SZ8B5pw6IcjIZPmVAZ04+9iMXYZYGTzGIRuZJnpYemqZFDColgNjkIjq2ZQZ
ghP9NzZfjLb5lnkokD4gY2kxcmCXzsoKFNMxAg6jOrJ3KdmDyJPema6xy0LJ
8NBi0g1QgZyJuUuxHDKS0TqsVdYwy5MFJrHUIJ4eAzrn2fApEJc57pqgiURz
5+T46csjcn5RPhjZX4DJe/7CPlbvORG3trx3NuTfQXAs0n03MK/Hm8kR7BxO
QVoru78G/rI3FwUCEx6iEwunaMCPWZyarIXPQrvT1tYhmULJAXArWwgYWJdd
Bav+e3CWQ9FZulylCSJiLV00xjBaoMtYXKrvW7WQM6zgURLLo7zhuZ6YXRaJ
uR64hEOweT6NyDu+mb7pE2gk8GqtlMLOgGruWIRHybP8rSVA3vJ6Kdigl7cJ
IxgFF4ojy3ADQODQ8cK2VT1Gx0A94DhFOYrxVVU1zB3wLSWX5JsCHjNUtnCZ
NrnxQsCy9KTHWYeh8ux543hpkUopzWcM7sdKH9NkfvKWO6ZBfIiRh1a902SZ
YzJmg7FPPHYHrgiJyxN6z55+xZ6AZDN6ZOQgkvkyctihDgTsJSfzpIYcc5wu
5hTzdbBrBf37Gh0tSImVVZJdxaAYw5a5L3n2YBTy/VDkeJGOrV9TglKNAO9Y
LaLAswtsMuRQZAiw+3azdUhjR3UPk/7eioTguExCIz/BBPDiUEyysHjCLw9Y
Eh0rkovcHe80Ur7hfI8SjY0NTFDK51DjnMG63SkYeg5GeD4qRT2BjHWbWB+r
GM0IWUG2lLGAlo6y0cA+5/rncZtOBoUx1dKbowjCLtK8JsNDDGcfbYSz9mwN
eqGLzeP2mY1dMen2DB/nG0REuevooiZMnljbdtrczucY0ToOb+i4zoTXND2Y
bHRhcaF0ySllMcwzkP1YAG3QLDke8j+hNIIrpfXx/CL4wmKxrAWcboB8FCFn
LKETYlY6f978GljoH/NKRHT8rsyHGt8HpIZw4+AIUCyUcl2WMFB+Z5kYp8r9
rSLZXjkHb0By5oyqY9wW7s7oTSdq3G4Mk7GbVuPxeRnP0xLAVnthKRzmgTtm
PUjMfp2l0MMcUpSh9QA5BblijE2RNFI4RfZmwl+kqlDCIZqdMfLb0i3fD0Tb
sGB08Ufw0bp93C13IcohOprMspkWwN5bECMXBlJ9aoaG/rA1m/EnECDUsMea
mkd1PT2hzjCw2jBZ/4SQaQWSt1fTAaVQNsq2ESy4pBIJYus5PDpBX8M8QzGG
Izd8+mFDtXQ5eSkyOhv+MtfgxytRtUMNEDajwyv30KuJ4POSqgNC+Bh25Uqi
xkovxljPZ+TaOhztUX3sGsemBnV28XHYunGNubYN11tJvrtbitDAgTGWCITH
1n0e5byn1Q0KIKDI0420lkcKFK8KBQjaXHRdhmEhk/IXyaObqHwUw11fqvlQ
XZQ/ki3CAxS5FFKSxueE/8sG6So51NMCI77TVrOUyTSNabdEec2bEZTrZFVp
bCUcaYVYo++KnXRynZYtORumUS3MxhaUkyTiPZFTwORmjDHlOBgeKDgxTjVW
h/5yUbkG0lQEyRajlSRsJ+ZJlMwTdbh2UnDVnVzN4dKSixsUQCAjwBEXoLm3
GODR46BEztRISomkRSNhQOn7SjKsSLDJa0o1szzDulR9Ha0DBZtgKP5YnjJd
u2sbMeE5170ta8acCdGzRXWCRDnrmDhIcs5nWAkb6302hLKzNQ5vyXG41ely
ysDKLJtI0LdvJu8xeLrMJnRdk+7pWsdD47zrMl+6KWLrcIIkF0MnNQufqbhQ
tIB6Ejm6NLKwOiAdoQBYyAzdWmIPcOiKoTuOco+3ESXNsropsskss4UKphK5
nINgxr6wPhjJ3XWhHCf+TpIPRghZnjlgSYH1ei9EQaRXAcakSwXlQpLZrPEw
VrFfJNwYPDfIRxywwdxeEeMcDqk4UDwKvMLb2o9OaKchI0m1hk+6OfXWj9lB
NbU+9GOaKq3GCS4Ll8gXVInF+MYSgphRtIrFRoul4/Mzlq2MvIpWBIE6kk21
bjoJCV2bq61p8xo6zzvvyc9GUDrKacSyeWGM9DLwEklH15blKA/rqAAXvEAK
n03iKDMwGBenCP23cgNL3YqlGZNJnQG4SN/KHccGZz5UPXPDdyzMc8D2F8mR
JpOsM0h3sk5AgWp9PcbIy4SlxS0bwjwHzS0zzqoOEs9JOhsXKcWnqRhpuYDG
dXihmmI5EE5Adjk3Vx8mAoo5fksUB48H85HqIOrTk0fpzMU3TEFluDKQAQZs
dl6w3dkwQ/redRLCbc3YkmRvnKbRhtfK2wMqo9PAlI5YEhhnIxZ7uLLr0o8M
DzIxsbBAh8E2XBgAvso4ZyAtb1HudEI9sfAMVhBAQVuBdYNeHtLG1GCBtHCB
BdH09ARd1bRpzXOuLVxOQ/mntY4Znyh9hWu0kXrO4SjDoUP3HF2OvY4qyEiQ
ni7HEB2LMqLjm3TmzQ6PI1Fx9+hXbRyfLyX0TFilsZxdYvIQuAhEDUleDcaE
0lKM45Q1c7zp+TwLbBnIMsn+QCJykYNGLwSLTC+qCKyrPeHkHfiUlAOe8A7z
dfMRLJ7F5goYgQ6JdiVZE5K2WwWQH+wgOoqGxFOuAQkRKmxuH2ecIJaTZ/CI
BtlWh2lETA8tCyhqlW7thcAewCK8KfSCT8Sm5D24N8VjBEpjDBPqO2/CeiVG
9kED0WC/5/za9sCGLCuLYP1SmF9I21inVsrAl4h5vXH9iT2J9EY6LscuEs/U
AyEcZF3BUlI2ootlIufmootRlvMxPJ+GZxYMyqj8nhQQLzo3jc8YUFXPy+CI
GMH4qko7mrug/wYIL+EITTpGRk3xT8TsYnEZHR9EHGzmjEFNp4tAkY/oeWSb
GQmQZRX3Eo0SYxJppbbZJMvQJIw2wkUrLABHqecFqj1GaSKlY1mk8GqZgrh4
kwCpWGj1As0R9O4zJ8+I2UXgpESJrblokuRYaCK65DWiInBodZsMySIdcTmk
U5MOicFuSD8bYFkX4k1g6pqyXwLYCnEwsqaQSZDEISJYpR/zTgvDUedNVlwL
LhFc2Dbeg8ds7ua8REORVCVqKNmUViA3qcVY2ts2G17eDvFfZu+rxsY9M4FC
7ofGG4qY+iI5dCsSqOxGlQas/YcD7SQOVQzw7mvKpqzWotmlfgqeWI2nVpdw
CrR5RdlssTlY5H+1P0maNtczU1fU/3Ep/dbvhh/z87utD/Gx1/x86LzXN//v
1rzXN7//Ob53nF3vJaPRCH954X/PmT7ynlsXhub74I4ZzOd+53z1AeH5Qffw
obMP+6z7HMIzGHPVtj7c6eHka5PX+oe7TpTs2BTX3bvO6391xzVTAuzX06q6
+7t3nBeAkuyku8lw+Ef5+r983Jq9j37Nd383tLj0YRgi1R+6dyvZuXT3q+O4
aP4J+BaOY9Ky+8fB27liHI9G/O7j1/Mh+Sq5wKhz/iMY5w8bwwfHeSbtCrrj
3G09svXIejYf53PBJ3wsij8VwmeM8PFoW3QcToKPr+eD964/TowpRPZFsFs1
zofk3rt7e+mlAXLSD+dPXs8fOowrAufYz8fc99jPWtreN6b+/Jet0d1+ujs5
uNMKDiID3GkBkQHon5NIZdRu3F10VT1C08Y/H7a2kJ149UQHWtQP01c0ohhz
i6I/L2kJlLrm1mYzagsXh+j/Gf1u9Gmb+BrO5v/YQiJod4GugTv9/O4TAfk1
LmEcLqHrnQjLJXIdegfG3ZJuKwDJdVRcUXrr/UHyxTSfDT1Rniryf7/taQUY
kXydZzfbIPW3GFkwJFfU99vjDH1Q2+jW14pXZAwKR9USnV2loWnNoq32Dypp
hc1IpCYRLz0WvGKikTnftVnamPAbNGw3jgGAYALLqGYcq2KtsJ5RxykYk/jF
bKhiFzroTIAhbcmWs6EHTLRrmxQZhfJ5W3PcjQc4w5DmaCssPe4WwtY6M/jE
YaIthJLX56c2KC7DP/0jD51oruhPxkf2QHKkpG9tdwowupPbA/gSIw9nOa9U
oyON7YUQeQfTNmes+u0GQx36hfoIpAyLxKS1aZ2KSHiC14aEImLw/DjC3D0/
jOgeckxMQ2Y5jXORuVaOK3HgphqWV1ETg9VTrQEtptsBVTlhjdhW2RFDLB8J
oqVFFwblQIsROkWCKA7YK+Z4LLUPr/OUPialjqLFvQJ279+jxi4RQbT4ROun
eiV4gju2YK9/zMYNyjfFQZSos//FPx5SyicOcrgwYmBQVqStIDQPqxdReVe0
cXIUl9igNZst5iTuDGGSLrhUqFNwioCNO/mLrPGJ7soav/Wu4AXVpwed+2I3
031TwyjYOhUsOtfqM3MJj+GlgMKA5iMuXGVKrbozik1Qzb9mgVwojEta3vqn
k4ZVlJicUjxTfNEN4CwFjnPSAl0FL3cAiArmMCHY3qVzyhcXWsPuWX4ySTXc
IMdoAriLZlHUtOCnpVb14c8EBJQpT7nmtAZBeHt1TFVpGN4WOdgMJ5xzdAmm
c+WRZuTGiKY4o3BoYoS0/4Qz54B5SPT+kNvdnJzgZ7ccg3AfZx0CIIR7k885
Y1lMwnbmQZS5MkDVbO0gVF/QpwmdcHFJsbl7pxgxJ+q02PQ8YG5jouEaCSHs
I4eltmItFNYNIeo7OG9eY2ZZdUfNXv2bFvi48VTInQHCNnIUCT0y/lkM3TX1
k4E0FxxNEtw6rvxemMtsi5OqGw1jd5285kWFKJA1hhmxTS9ymkHt4x4+1Fsm
mhNVKPHdK9iwgiVtxoTsoj9DrwLOz3ccCIYjJn5V+xW7ta0JUF0JhvdKsNAD
1gMTL4iv0WKaPIisgvP0bfllqicS7aNgJaN1cArEgRBUoD2MuLuVFokkM7tT
h54cjfyyGVTFYTM3B1UFYRMr1JM4BrgV+TpQteNSeE2sJkVfb5AOSB21x4BU
GIaWRZOCJm4V8AD2IuUJbKTio9PnBkt7aqnM3m4XnWJiXozH3YS2NLnKZ1dD
7DhSDMgHSRXSOcQVaFRdunldXq1xCp1HvUcuAJF5T1ZwdiMBKW5gX1wNSiRZ
YWWInQQNOUHdUWYQAI/37NSMJynNiWqUzTt5zpQ4VYMMywnSfv1HjYmfYDJN
qQL3GUd1HC9rEwVr8gnsxdD4IK9aJyfJCtwca4VJTXGpgc0ArJx5cYu9dMu+
Er2g7pTRtg02HqWi4CGng4NrFFBnL7nj81b7VgCiYgQfVv/BQVxQ6rV1iqd3
mj44l9fggVs46kxDqDQYgg+OkuQ9ctZfoA2B97K0hzNxQl9LZ3su+OqMbALu
Dm3tVc3aV1BytXlTfHbFLbikiCCvkIilItIL2g9/p9jyhmr+3qHdjGwjEp++
4mmTQn+ZmZQ/t8SS6xZ1Yv9oR05ghwaU5LXJVp/YaDIb5tDbkakngCzKuTuK
KFl7TijTc8N+P/F8vNWBGBulqo7cpXjV0dyVOJ0WnBDilRYYlPl6fPQrsqgH
GD/g58zYyJq1/X84FMdU8JpS/pBfWUbglbukM/WkTC9fKdANcy2+xeGaLImv
yHb67ac6vbJxCau6Prg1JKSKoLdgyXshpCFSj9ZIiZ4MQ8emQRim6YBDF5jN
IwDoSUUVTktYlSOQxPP9OGZ9jDhno4JWLSJ6T130pdkxjBJTMBAVMZ6EaTtK
wOZKmHiTgBj5dIjo2G0HEt1ztCmviW0JwExPkiScyF1P+8WgyJRCkNyef5kn
4VEOEsFXc3Zwd7ZkZXojELTWS97VVb7Q5ARrV/A3OSK7OPKzuZZ/w1fQ/WG1
WTuaD6Y/MZhEs41fRY039YvMUQrm10DgMWwRJUKTB06qag5HpaYV843m1UhS
BLEuIzBJ4FJwulT1VTJqtVi6U0497J05wXAyijg6dqW2M7ktGnmkIvHK4KOo
3IdlEaiErd8+rON3EDuAK4dzYxXtYJRy80b0eHBx/0bjEWdVyqKnKDv06ZA+
dbqQKbmyE6WNJpZN1DxHZRyofJFQHJbxOcckqiyIkULT82yzjFpSYKm9UAsS
2VykfdIHCrdXm9NT6fLWVRF9mWyNbyTRALuVaoFuTPIHV+zMVxojG2NBLmxI
akX1qJHCtl71+EZXaMetrXNKulK9CtSeRN5sKo47F8ipehAsnUsyrrIDYolv
OqaySoqKWbuYlqn0jC9kaYBeExgI0w1tg7b7DeLusW0gZlspLJ2+Q7RF931O
FTnmW/QnukV64b1L1F/W369h34kUptdZcOMCJ90mrb587kniriwXUVIJj3AG
Yvucy+fKnKvl3zBpyNY6MlJ2TKYMmZlcOV+3RGjF2kJifZV0jIaBtKcsgGrC
VgO9SwY9K2FS4cELcw/Dx0nLoPwQvdPGxOuD+avkGYXOGiuKVuNXMMUth5ED
okQU3rWpcmFV0mglulWQpxRf17xm60eJC/eZLcb7kYaCwUrbJM9iE61iQeKG
qkhSkczMe8bid9K7cHPVYcAHiMXOASFUZbBR1sRgZLZ13UPver6GDP7dz/bv
B3WqBK1gP4tnpMnevgyS0kxanKDOebSBoBnThdIKi2+0Kavuhxvbrkt87Ss0
QM5ktdnSFC7HNBgVXTFbKIGyI2LVywU12LxMx2+R/uO/QApBvub0JZBtTQ8G
kiSrm5J7jXDpkdtyDIS2rJZAyMjC1bTZwjaadAUJU49hk46m1MpoTDnZJB17
4HaV0jKjCJsETv7t3S8Ak5BIYJCUdPxGahKrrZViTnbVsbfCJDgInQpB13T/
1gKvP2dpldDohSsecid57lJohABfthXZX7trBWL1JLuuRAnkaBr/lpN1XCVf
49jz2jw5XuaYVfrQWp79yh1q5Hb0x6i0o2qZ0Y+dOJ0eiXql2YgMh8ZUJ5V4
vIIOUfHATem71DrA2WStZuCYxcVi2oQ2O9PzaG/kuFCc6hllNCfaK13r1qbY
2GOw781nikjSfeyr+nGBV3gvZljzSL+1H25OrQNrqlOhOm7ogx3c93bAXjeG
eCzdzG5gv+tZSE6nK1415pqepD1LNYQ4CBVgRVRzd97mXOGEC2GVagfYdR0Z
sPebtF65DyURQUASMTq3bo/UT/EJkukSEkEJ13tqW477t2xlH5GIO5w3A1Ai
7uFRN4b7S1w6UnYXCgbeflOhzrapOZNkei+0m23QtvxYegx6Zm3rZ+FwDG3m
Z+N4+HzhzxoR5MEIyGy0WI4DkKjq7tEAt8pWGBsigS3YB02UejHEVhjjqCKV
Tj9dkgFG3278ECxj7gwUR6mIjk/afPiAXEmI6HKBlRhjKOCvmON2OvYAqkWG
LYKXTdM1Dw1Es9fabCETiVCwUtqfwYoHQEsmUiIwCDGSRmldF8eADkQtaH6D
7RB1tSZK3EOrtbb0IonS4TcaCFimE5hk75iTtR2fSbtmWkxkTpW37PQ31Ruc
6ArloV5tDAAHCkc3dW54hFotNeNTWCrje/KE29f0EKa0p2BNBzTGehTcnd4t
D6Lvq0lUAOuFPC0bRiJC5xvHQu9hNttcYlLD2lhfZv5UB1mLDpkaZWdaypxa
fom+RHpYSmXSOSY79YoJE6hN7E+IemjpRSMEOcyNmRyb6M3V80LEPF43oKMO
aMTWkrFJBWLZDZ0kxkfU6czWZe/aFcNxh5SZjkZevzyR0x32ysSE2mCKUCyK
3LhPr0LEbNCRrf2yMLU9M+5tZhlLSI+jtZ77RGHAEo4mFF/e0F06yDYY0C/9
kOh7p2i1rWduvXWuZdBB/nCJUcYbE1+7Wb+U8Nr5gU/3u586GbD0kJ2sL8P3
jh/DMGdumv0IZZ3RimHiT8MwT05eHT3deDXxp2EYKiB1kNx7l6aXl2uHsU9f
jifuMGLTh682WU38aRjmX07K8UHyp5NXNgb0X/uHiT99txzuP8af/mM3xXrd
puIf33kYe+Bof9FsyDsPsz+69/AzrKb3wO82jDnwB86lu/swfODvbQ7tz//6
EcNEUoCHK3L4f8EDVwvbJw5jJftPGsZKYJ80zIqPt/rQ+87DxNH7zsPcjfr1
DhNH7zsPE0fvuw4TR+++JNn+1dxp2r/XMHdipv3D3ImZ9g9j0Gk8nlhqeedh
7sRM+4e5EzPtG6aPPd55NXf6+O9ARKdUCDFCQ3+DRLTn+TvR1v5h7kRbf73L
sAltXXcZNqStvcP0iA53Xs2dPo6mX8e0L03DPrGaV68TZUVW9hdBsFXU9+JF
30QCMCjt0AmD8UOF8mjAvXR3n8ER/RvJM9h5ZlGNr2KdsVFRXNalFyLlVCq8
ShvJOAoyzGnAoYZqkZON4tbp88BT1LrORTdhpy87JAyQ6sToSL3saENZ1/WG
DiWy2+H2Cuvw4FVOOMyOYcHqMiVdxBdlMwydBJeBKPnv2pU75zB3x8Lfv3Ob
YG5elge4OYsmNifaxT6qrZ/QYu76o2/Rv1tcIf3uPxj2k3D13a0PQZWRzX+l
ui8f/AHiY634NBigfXMYebR98zj66REvYzQafd5VfCwcDifzvGm4OtCTJeA+
P3qejSuKl/d+PVnkRTVbZjpAdxsfbKfuD8lRkebzzqexVXzaNqI02CMlSn1f
OlGgqV0Uoyg5EtomOSP6tIIIvwrj1SSQ1cSrsq3PdEJ1euxQ3Ja4YcgL7JLY
ydIE5bjXVGk1ueG/0Ldf2uFjdH84ocd+xrhD3x7q9ClOHS/KJhGqTgIblUls
3vpBHE5EtqFgK5L1uikxngu1crnPugqYvIE1qRPip429njeRqqM4/+qOMs1V
Wkejk6KhhzS/bY9S2j15dV5z6b+NlnFTM0W/lOhJeAa0B5PxKJzMS2Nf7U6g
PCxxJE80ImMVhL0j8horeF26yWlQCsOsFpKmIYGF6hWUHL5TuG1cH9/2E3/x
+nnyfXJvkMg/CMeL//0v8Md+ssN8LJWkXC2vojEwu+pb1IRnSeKoIxvgXkjo
3KWYjhsN7FOPFAkpQRqq5caus50SH26484RFdXgIo3m02KifvtodlB2VLv52
LrS4O1xv2GzZyTa0uaR0+zQsj8S8t6EM5LbKqPxVYe+wZRgyLZsYJU+494pN
bZXKH/A4kte+0iQoMxp5jjD70KUnnFBoC44GHdW9kETtb+8CkXanZ4+UvCeM
wpLZbcP+tvnEQ2dSxGuuHRgIrmHTEh8LBo4YKCTeqRCD8i8GmrMw3S9vugvO
58BFcq3uovDdJs6t7Ey30oFvh17X2ZCKjJv7ysCVSrkc+0DrGrfG7Q/4KdEl
OT9UVJxUTNihwgSAZSYvU/zernc2K0JcnLMxggfJEbIr5tLcXtTyNOmD4m4i
DKdDujKl3lDap4Qe9mjXp55+JhBt3ZWsRoL1Z2vAEDvf06llyVdyYiYvdxWi
U9CKtF/li8mXDwgNPD+cYuFjao6AqTp2HLlnhCEyrZbpdzqT2OFYRUkdisTk
zonJEy3K1Pxwo5FLX3ygIjccjNfJIF5xf/xo04GkFLddosLPVY30ILVBNYV2
1RDPunQ7FMap43mlFla30TW1D2wLFrOODYETam93gI4X0+5Dx4tlc/o7UubK
rfZyNO0BqUgOtjig+03p1za2Y77k5D63DBrfIz/A3E/Y7imdlmjpm0jxn8wN
bYErYTPfvK1QlwDZj0vWJKayb3Wx3G2tMeAWu1eqVGlUrb2ClusFodqOl3wb
XpphIsobGajCm66JGwPXukKyl3TI648D77n+iHtx2tqIFIIqzGZiiFle4nd8
xgoP72J8e60cxDoOb2CdisNL6dfHVmlhblzCFzjlD/n47fDldLpiquFbfKaa
YjzzqRukbWpN9PUYcIrBd7JaB1aYNnzYl6iJfrCcvBOKxyIa70oBulURopwL
5sZxhcWYUAZTAi/ajBS2iEcNYyi9prYxlTFV4/vaFNA9qsZw6A2nn+UuIJWF
WQ45oRDVXvPZbdaqdUtIH3eF4fpBa17uyWvZo7zpXhllwI0VpAUHH4sM6x8b
dpfCc+/XaL5VjYZShHKqojPZ5aDoJxzptkJW6kbgmkpLHJUclNroj6Elr8LO
EQfh2bYZPRVyxnXGvR1dVDp58er8r8w1KRiQ2ZUNIZTvmy5FcAyanjVT6UGS
oKVc6P8akNteBRJXG6qVmwAfJnzM0d+4lU6srm7GVcSoUGidzQH+FmhOK2J8
Lhsy8x8ep21qlGWxEjg3EetdJhN8JgfpDJNEF6ZFNj4qIsQ4XwAHbtnEQl+4
vcuVXdxgLFc6mcQLbkjtDKR2XDllOR++zW6boVtYgOtnPBglF2S6VRrBFMNj
LA2nKXkaNEXM6uZIZcDXCIAw6kO8atgrtEB2T0k/UowVTQaY1Xj64sXJ+ZvT
F8cnf0EA3Fsz4Dcjc1kkhi3HcgtvDm3XwjuoUCzbktHZbJ9GlGKz2btFztyF
QioRP98cwiq+dYPYDe2UoP8VbHWYKjSZwVLePsrRftGvxNQm5ITjfqMW73i5
kNBUW2gYc9uWhWORuZtiSRzTPXuyma5inXZnn5N3chEg5nVNh9kRS+rSqB6m
x3/52Ots8a48cc/FRJWXeQVSfzEi+seoYWDiYJplBfBN6GHYlk4EZ15NSCOd
Gyc5KSUb0sYpKkZE42CZjM0jN3NCqzHFAQIjffVLMFZnvXdhsbScT2WyNMgv
xGY/nY92jWMbxN8rJSUPy2djvC4Z3+xw/smEu0yY0O03wN9oHc99QkBC6zl2
xHQtfWmy/bQqsGeXiQXaVhqWJg9H9+4nO9igC7na69Jk4OwGvWd5Tq3+4SX5
Bf2tzXl7xnStDvZgtE/1wWIpCrhhuZvDJ1JaPCMCsO1Ucf3amWyok/0Oq4xv
h6XI9npn29X9ZIoqJjsvupecipQjSs5T6Rfolab3Ca4t9qBHtd0u3uDAbivA
NTkbUmvFKvj2RhParW7tbSyygaWF2xRvXpL04yzfPR4WrVzaSvlg040PLwFb
47jSuWNFjpgwXN20x4RB5OuMksYdzBvt9eEemWj0jKIwlxolodMmbchiranm
5+rxO9UMQtCyd47OT5tdPOSrOtPkfPg54m4N1MUNcT9Y6+rVur2t2cPldrj2
/WUqitkiAl6rWWvPE+IIkMjftDiBb/+y1j56gu1UzXaSFaY+kgGibvJVsFYq
QFWYCoOOUZjdljYHkJ+fsqOLh2gWKJwsS7QWZu/g6jXUMBBoBsjofto+G3iD
1B1pNACkkb1lpv+8KSAjgv11diDr/wotcurGlZ7zJPPC1UvKJRZo4QNx703f
k05qj1shuPdsViD3V2wpBFGpFExctTiBSc+qnDYWn7I0ZStrhpOiS1EGk2hN
8zSZUQScc+5dvFeMNwoE0eQXL6mnSJ3Zr4GskLDOTwU+5TAgS4z5tVYoJWp7
U7lpbfKGXxNUw8m0Ubx6DiaGCaD75Q3c4jc88udjBum8WvL948pg2msT6SoK
1HNi1FmRLijZ1mwrTryjPneSURoQUtijzwdg4F2bLtCeZ1DE1vg0PKJZjpVr
Ynb4gWuDTRFxs5pY3sSJ39T3BnDDx9WEq8QJ3w7tGh2I+ofgl6bkupOcUq+H
lKdlOozJIkPL/i2tDyajQjTYq1a7nFewwHR+mc+W1bLRwtdwU0gnI/fIQFVt
KVWRGZ3BnvWlVEDTGjkup/KKhPbwOwAcO5anPKjOkHuOciqxZ3LkiVZfihiI
Tgc6I3OdUSi2nMkBqjDdlT4XRjA+TA8njSLk6Z6tpH3K0mKuvUSdWBv4QZLE
eu99J3NXpCb3PkqrUm1huYj4pj0h5uMEq9jdjFcZ5XVzZn0jOdFrbiQes7FL
UVY5KiRoz3doRpfWqOfJyg8hoXMxzKwh0J3DGB3xHpWSmsu45Wqx3WnX+O9Y
y5TZLSvz3cArvNif5Ypp32qGOLbtpW7zRnk06iTFAksJrFLd3FKrlRRE0g3J
ZRjUMGCCjVq4ieGLn7ej+EYMhuh1H+qRsMrEVsdgrLWWR38giRBrLRCYEbiC
iq2t6Ns0vCId6w2LkZtyoQFpVrGL4KITRpm7S3Vryq2vUIUjeQUtO1P1VrTk
agPhnc6HbaeEfBoEPbhxi8PktJW2Ko2VU+j5qyydOCKPsyZbg8HA0BIlELo5
JKxxWq09lwT202MyiXOWP1PoiZpKfGH/9/ZlzX5vbxeZ6Qf3AnAHcGCaw80C
9vJ7vAH2FRYBn2XlrOWYYf6AYosaHoNvIs9Y2Ac7NjR+E7lvk61Uk6jwcRln
FWFNkVDluUl7YiZiGqcsLMJhTFAY0Z+VoUVRCW71bXccH3jTCXX87ntR17hW
logHkeZqXmQkc0ISVAlwsHn3rpGm3TWS/U9MeGpb7MR0Ghsfx8Ya05PKlvq9
F45saZOWqnPjy8LQZ3cakgHFkur1Yw9G8QiguTeNyxSOLJvoBMQCN8hs6NdE
xFsMOW2YzGDF+6U4q8zDgEVexykdNs4vnOop60LlJKrFD3UJxpNqxqXfModi
/3LTNqnpwEl5momysx2UwqL+hHKZUdO8URpQgEU/bMZiLCVBG0FHMqJX9oaL
PMUWJPIJ+z3aK9L8YAfl0i2/GX1+T6LcKkQqOJu8sHVK3KVanRLvjAmOoLwm
Dw879C0WzGIvKflqNMUr4CsSTNq2qkVtUnelcwA9VrN/NGq4UmKzgTO0lOgJ
RovIRMJiwpD0DSS7eJDu6u3V8s5wjO/wHv+BfMI+cer4hcUNhY4QHmtzN0di
HPtlpZ4BZujBcx228zx9NzycZZYtWpbyKRYaH2mR/PByvFvuz72pVaY7tLXF
HBlhP0SvtdJ+gFsbifsUz+T0hgqNNfB0CRQBIHR+cvTyzyfnf2Ud8ORiIOHo
GsJCNQbh+DCqGiMLD4umWs9YH6913vXxMM+B92kstz/anhCoACBNbl2J+mOk
gohWYWDgWk9ToTxW9ohWgxMb3lqf5eN/LAITHMVHRJ686tVlJUqhJ4eOVQx7
RBTQFU2UsFSg47/pZlowYTAeGHaFA06E1wktf6YvQT6VrtZcgVNinsnIpuho
y8fqsXKekeeA/qeT2Xcyd5jJb8G77PUtYH+G7+ZUKa0rin2KBCYhefDARrKY
Y5TQcgYajZcbHJW4Zi70N8TL5++FsowttVMosy2+87y14DtKgeOIaYkBGJna
nbVH+vVaLjmV7QnyWSl2mYgVYpQ8rW6ya3XqBWZy3IvaPfq91TCpdc3FLB2m
jYqQ0o7DjWls1efld5zbNo+r2+6ISVy+SB0vvst7FzU8XS2bFaooogUmt2Dp
2K6h1pkgNv4m+V3ALamm8EDch7ZMBRuCyYlsD5LN5abu6DtjHvLUoptOFo1Q
7UCKi5MKujSXGSx99zfsVuyVlj6/a7F3qtC9+Ph/Zvfis/xt9luh0DTBb9ut
94St8nPAjEHslv0H0O76nJuoNPjAoMxAStIvssks4zpDH6ktqb4ACG/GcMrs
CCUwYhNli9UeC+MYVQzm5WwqNyD/F+QpYhR0crkpOWCVx5c8MbGuwco+3Di2
T8pCTqIdkdd4gHvP6FfwAvuu2NC4G3iCpRV2zGr2eTzDIFal1yJZfwL+dLJd
fYBbCQuUJPZ+xLwAn8fLvM5w6qzUaKR35g8burIff2ZXdi/ibmjzjLm0I2Nu
bui6k2sbA9nT2jV2+SQitHMdPX394ocLZgtEbUyqqsRROrJityciBb53uP/m
UV93jBAIyZDWpeuQwrgRgvca2iCsU2OFoUOugmGcPWYTmrd0A1bxrY4VBABt
asxZZOzWjuD2jSHk3fTwYG+D5G9L0LYKEtf8LNvOMH+XE+uswqiDoW8nr417
baUrDR/0K5NI7vEd3Egde8Qn0cBme9Xl2Jz0ef4GlMjSIjSaJsZN5dht1x2s
aRtEo2xu3LUYu5lTynTa829EB2Vd67kthdG5NHiO4VWGi9QMDNGPUPMpFeLa
1rp222vwN5Pn/uFcVhEGU1GaGBIqu/1/+rJ+QV+WKZ64gqkbBKPieNiS0UAl
iPn5PN6AzxXZJtHBhpILX2Lm+LzDHvEP358QGPK1GZ/3lpdDGKzIpEUyADg+
LBlifaTnSKz2BLU9OZ14ZU2Uh5n63ih47V7kNfaw3dN0dxNtxjUXfgzEzyNH
/AxiDJ0KegEwjV8LB79Dtv3AI5EKozxojgz8yGKqplF6afXaPtibXBNDv7Ax
TjDwSyLpR0zSFbNN8FGn5/uUfJ9X0kVRQUGBTo0b/CSHjkw6C8ND1N7ulYkM
SvmulV7uJqgYHvKZxf/DaNXNeTrWPCsTBBZAxrPgpk33en1UHFpQp8wI+53s
XmLqjX8qYcvQsFNdGQStORqgIgDtWBfOKVRzVlfQre7UiOKtcui0JVzBnrGw
ju2XSeN6efNeUBTaUgtjAKVTyrVRWoiV07BgXrR4qIPNb7NbjVSE1eTXxpbU
fyqYAawVS0n+dAfTVGlOr6SJfdjRQrk+XVT28hKH3HqFHPYotyeV+mIrRXtG
5B+v8iILtoyrfIPLfNOtJO6gysBfur5IgHLeDcUlbwQD9LCzOWMG6ABSqHVl
NVc57nhvb7N8ywHdJUsQr0N3ehWjlVne0pbXVEr0i+D6wdZaiKCnHEAYRp5u
pqSZIlfcC3WzILWoBdCB402dLprIQZfqwbC59iwLU769iHb2u7tk3yuS+1TL
a7mahMftVzFjO9nY0FRbBSBY8qXSSvZ4+tPydNHCA53rDzNIteIhjm5os2Dm
kvVBBSFSnaW0JuXs1bbF/qZKKUU2zwvEcVa3SqoIe43OYUCeJq2R/S5RIEib
vDDCJFXPTMt8gRX8FKGDtO21jcd9BgHS9uNbQ+wDAolnzqUFuXSrR+y5qL81
anjQNfbDsMhjIBCgzXyhvVlRGx63bm9Du9moPYuLq+XNWIuFmPkpNAHIbT6R
LtlV1VpG9APguOmIDd94d18NdrbWtNR27vPU8bXarCD1WqLJKrzUZSaahnBO
J5McYZAWXm0/Of/5HKDjE0sUEu2T3d07KewoBtZwJM3tfI4F2sZIAkYm4MZ4
94nyI0hcUuHYC7S7hHnBopS9GYFl06V5JF7tyvq7Kya2XHMtF8uhVRG/oAiJ
r0EMzBcYsIGvNH78z32T6q+Fx6PJLDaCpDFlvL/MJ1+G5sEv0bD0Jey8Tm81
YYjiCykVIcEDLmd2BMxkWTvG9vkRrHubCSCQiKwQ0+ThxdHpqYzpVxQ0iRgo
HOVUkerF62e0Bjt5WszepFm6ZhO+m5/x+aSkiqoIv8NiVgFOX83tnfZRL4yB
wmoF35KGODwe5Vk7HRIFFUI6w/EBRTDQOOI610JjeL50gWjvA1aVnfIIJP3/
GeWqbd/oy4qyWvuOXl6c2B0028k5edbrW9sUNzX7e/8eHx/Zx4nSMyyfdU2J
T384fmKu8ZfPVgM5FbOH5B/lJWeu6LPIfRWnV5xAx9IZEIGEBT8il1o7NXql
Sgwc4itrwNk/74B0W1k6yuZjFJ7JCSeNSLF1QTu+QjTkAuRsDyJiyJT42Era
8J27nq6iyuI2U4SutP2DR54stemK3KgR30Xg7iba/eDQH6qQ/jjSRHq5qH4Z
EfFu5vyPkhTRwuKXlfooefsHDrMGvdlIBWkbBCptVlSJQExGBk9kEEG8T4H9
mMowdzM6rIZpn0EhhNLF08Nnz8jdb3ma2MiCZvREXdbTXtn3aimEQ3cc8iwR
PEyMDV/cVZuDEFu6J9w0yl3V8ORdizIuQUQ+WHCp0Qy0Cqxs83bClW1+SL6n
J3Ya0OYHyekPzwfkuRkkz3b5eucl3F4nihWnZMJaZw5wCDFwELH3pY1jgu4v
b7z2SqmK7YUYGZe8RRxOy21MkRSYjOk317ama/Qk1ni504ghb2I2o75Y7XX5
Wz11qFcrWhHqE2yATUEr174+6m3TTHyzg9CAFI2TjgV+N5Z6ufVlVjryNk/5
ilgbPzG76iu8CSo8dvnzGjkrrr3IwAgeHbkho4u2iKcGQ3RQLJEYQs59Apa1
jZ+nkNKwdTtInWYg7OczmRQw6YHfmezo+PgZ2uxpGd8n/8IBiYv8OjlILmGi
gUQowp9LQBP861+9hlHwCUUkU8I6vid7OUOmDGrQ6Z99cU9Inh8maxeupZzI
AfHVhlc0C7xm4Quxhkgfw88lXtOyX2mQo1nwnbQHZ11Vn2eTlIia3F1UhDst
btJbQx3wsjqgjAJR0CzSsYnFha/WEwo/wClqEvhFfAKf0x+gZxoTHD+iAJ09
ZZRI6aTdAlqqza05nIiP1H3DSdig0nndJ1bcmi7Se770SbQw6kdj/q+iVm1M
W1lHCb00gVYi5j8WXEiwX+HWaV1P21WqJkxsgNBSashyPk9r6d4JmNnSTet1
A7FtqEleUYWlB0qEq3ShbonKxDSdFFx+YpBcpNNs2FZDKaxr/cLGL4V3fPhD
duuNYfzsFJ2TzNlnjxJ3OUbzwgfA5hF3/zuC/17Dfy+wNSH+i7jHX0lC1Qct
zvEByMU0Rb899RN/fLz/8BvqH+j/Z2D6AZaT/oTtDZO94SMec6cEvN7FTq/Y
WTAKM20uGJzNKDn6/ghr7QItHSSvv39dNgCcQfLi+xcVQeEH9Aqdf39OLTdx
4O0k2mqwkz4XqRFBet6OAHpXjIlM1EUoMlUHmSRMJhr0JWJdK2HuVBvMGiR5
jNqYu7AAl9iIU27sNiPJn91rUp1CXhMTW4izOYv5Rdo0cJKoUgt1APxSwt9R
FeS+0H5tItXJ/LKa5HpZj4z1T/V7NPW5sVJxTyMN5jePktLDpl9V2sacnb6N
efCb5zAmRuuKI44N+njgcKyeIpc5cq4x3XGi80qfc0wJVzKzK8mmThCEaRYY
0SZWO5sxXoO/JiLJAzVSd1kyl3u1FaH8uelWKBoXoOmMMsNrJkWMBNGdduKm
0gUS3loCt51oFphFgHOcFW0aWjLvi+GYyexu2AlqE9Rd+m73DuqGfpJ/AJzt
zy7guihc87uJ4mC3ELit1N6sAIwfDJ5H8YudEb8KWmlT0Q3xKsiWX4dCsnAM
gQVU8LZgIjDsM55zzgzjhaN4ZIGPZxLuzkZQYnlT67lBqFIbu5+WyDid9ZOU
EPXCoWqJfS+13pnUqWRnIpEHko6uAH5ZuT46yIdayrZW20jU18TukDvzKVq8
9ANJG9NgzThdtY1joDx8WlbPn6gAbtorpLNO6t+hQQSzAvJD8sv+kFxXzw8l
QtkYKQ1Dsoa4iJHSOlDoT3h7CJLdZ7cl4vL+I1oTJazUV7GDwEmJGJU+huIo
MyQJUZEa22kvWvV1yrKDvrIu+q++FmoR+Kfh8O9hOPT0Wq9qIVmDO21v4570
3li3tdbE9ioIQgmBeZXaUok+ZSKssXoAcZKlBOf4Q9oK8G6+oYRF9DBqM7rL
qNYNTzVupI7lObJIE2fjD+6Un3yNt0sf8+RIWJcTJysSB0ccfrT4QQfyjIDK
d2mflbCeYCbWuHoimBwTxvpYqI+zZPTFTn2MQcPq7R2DRtSYMZAketXkNzRZ
yM9Glotv4cN3jtUCfw9B+YFs3PT13vBBvwEjDiq1Y8QP6LOZM/yoOjQG8Ozc
rZnlbacun99Qx7ElutF/jRObd3nbjSnU/PxOI3pkXlhtwS9VNOoxvET60yEV
peYm3q26Z0igNuJQkjZP4e+xYYC0RMNNhA35i48nyblL07q1WU7C718wlmXn
L8nvkj0OJwUi9hdZfzWZqOSRUtVaZaRfUmjLl7CWYjk3dM7BhYRw4UI3sJ2c
Hr44lLoR9a1P3al6RIhkZu9ckrTSpJ4m4ZZQsmJTZyExlmUChXndlKE5UJuu
3dRfHCyKgNIpdeTETvlFZIX50DvGY2VTuu0ydPbs2hSo0S1ssgiME6ou/wZU
zvZDknBE2Ho6m6HGhA+pDS5koca9LhaDJpOCHK82Wb4nJmtRGIc5ada42v2o
u7TXENs0mDARL7Rcq3ppOX8DTtr4AoQL9i6KvIEDkKqdalvtnDso4zCwIePH
GGCE/hX1S7Ywp8hOrg4QFDG5G/6KaLQOc0kNM8jCyiqeNmwXi0JY8OZOBx5u
ZpCWpk1O2ngXOCj56iDUXzsEBO9DZBaiHZQPhPp6SaKKcyu+T3b+CvLDnkY9
Ouc61Zgh4wQ0kcwsWEW5NZEcIZ4OQXJ68apRRlWE5dxGVcejqB1PiUvyGTmE
nPrGniqw8fh2576lH/5V3Qxo8FgUnKvVjEyjw1RaHbJENWaNy4aBy6x1Rj1Y
MCSt7NzxDRrG9fC4KLnn0uvrV2Ke7QPyatB8gmX+zImr6sbbeQaTaPCdH5hl
Shms94N/dMCbJrmUa/NbuukM1Eq+L1Yt9TavV4LOq8w6iSImK6M/trCJVP0W
CQLJhhdU8ypYKStgEf1tA43MN9Hnbdw07x7HwFGy73QZVEDriEIrEjoCstnl
spvOy2bNhukInComB3Q6TsJAqAegaukmU66KsDeWKzdYju3ZJi1NWbOSRiMa
EyXy9xSEinQSp0Nm13XD9OlIux0ZiGqnBo4gRi80bNVstDXpExTxoTK1C5LW
XJMuBnYSZYL4lrSXihnJ76PFO3chXcKPT/ghD3HIquAtJTz3RPzKJZewZNvP
xdOXr58dG+bfTc0YaJ2ROCgIkwkp+W2WLolxz5ftkiN1lvA8ygQo5Q04EprM
qfNlqTXk+vKBYygstzk3gIETFluBFh0xiyOBkczQMEx2raisKzZdnEqW/UYr
D8+KxaydN5nV4EWEEuEYVrss+ffPdoL7RoCmhbzkheSe9wMLRNOtfnr2A3HG
q8VbbLfCtV0xnj/GwenhU3KXkyDuRL0/xzp0XqC9l0tixHudSNeM2MSGC7FC
23IRNNtFlhbJBawUNP6LKxCR0YBiUk+7t+DVlesFck9iSZU56aM3svB7ThSf
OSiCnkvdMpD70I8uDQwtkjq2tL5L3uW6eP42QYkaihbUEcPHG0JTd8kXoLIP
7K978vvzw6MBYpH+Ed9SFLV8SFQGTVS6DzjWR64iTk7c448Sk2VZaI+2/ygE
JQImaUHbrbUCA2M1QQnQ1Ls+pCtjPUsiphkVmhcXuOsfhHdT4xVx1AbjVMbJ
YnlZcKqbJUXit1ty/mBrb/DbcxOUtuYGdwIHOnSC1/L+PRv3eRkcuGtqDjSW
g5NnGc14vXxcEm/a9VujM6+kQBjjYT67al3xF6UubDkyRyS/WINczWbYRfQB
ScKAtpC9S9FAMWAC8erZBV7qtkC5dnyVgtBcOKWI3UHR4kztTrw74Ppo9DbI
MFmD9s68ueIkTWwRj1Mu0rymDl19WRKOVmXyNjfaqAbMiiiHJ5xnjakoB3wL
j0pT+C64UJvrNf6ySc748FAQe/9FB0c6hTtWIUw0ZhkPY8mU55fCHOpBmzfj
JRXNTC+r60x8f1Rzpciu09IoLWNqlxA9cIdXKC2PldSIixCSJ8RSru+aj2iD
qvWHautdtVXR9Kwr31b2SZXAGDZ49ubw+Pgc59D20GemGW+s2oCHeCbowWjW
XGeUSLMJ1ecc/E0Xn3BfjMPXr56+OTo/OX5zBhhWVq2rSwOKCpYEYsMY7gn3
aDJGdjeKTF/uYtoPb85eP4apot1wwtcodzDT985P//zmzAiuIZpfkhDDLeNm
y9pNcUQakOzwAXgbZufqj0GKmQE2Ve4oPZB2EtwjK4GX61tK0V02SLOc3YOU
VTU5PAiv2niKLkKYOAQgxxwNJL0hmqSoqregx7rV6fEKpiI1dpekDLxxd/6L
bBxlgnTs+oIB+RXs6BEaazxQmuzcZEUxRBmg3EXKBsIYEfhau6cHCK54EwSI
WalDKKEvchguj5QhI7qZSQVCrg8ZwTQkf+TvBN36Oq1zIF8YVUryMdnVSq+A
DdITEELTRaOVC55nyJPyZp7s/HDyfNcmrZI4AWu9TPETYk/H+RT0jeFTAMY8
Lb/GpoenUkwC5Sca/B0ON8uSneOnX784/eFkF5kbXFRWFtxlSqVGDJagICPP
thSyl6G8NdwzaY69j+yTWnGezdJ6UgiCav2okGubFOQIFaEaPK1HM6+qYtIc
9N3qDhNyLpMT/MBl+4zv3uEhfmdX3yZozqH3EtIlCO4gh243b5vINeFgjalH
VN3iC5NqjkwYC7wmO9JnuRWXjN3YGF3sU5J4NJoEC7A47+ItKaSEYmr7vvNN
a2NWW+JBeom0rCpxJAzOwSg/HIsvq+4iVqhkTqFT4egYa1Nm3LZamaC/Jxt8
ZG6w8QPLstwQZyokKB4l1UQcCSae3OGsCLmbuKm4FG+NDh0p+mg9aH7UU1iu
wg9w1qPCIi3wjAroFjRYB4r8z6pdTbCQONdoxGY4+RxLOFIvSzdJDRuq0gXf
UPDUbGlgntV0JQtJfZy10PVM+J7a2l+bBsgT9Wi92zno0mlYrnnr0mWM5mhc
IEslEu2N3gWwW2gLRQi84kHBLQokNM1fnSYlsULsFI+QTHF1iG5wftJqKCjj
g++HyBKO2S2/RjUnz5mLwQ0LcuF2hLyit7or/jv02QTpAj9ZzU6YQwzM/SJG
sqllgAiRGy651y3ONMtK1H4ltxK07EOAG1rLX7zZ6xh5sRTs8+cnL45PjqWo
ew0TVnMp/o/PagpX7GHA2SLDzjSPOFBSu3ccogh7lc1hIYVDY2z9yrXuKr0X
6m59fvEnu/ygNRRWanHbQmEHqGGT/SSFWxwrE43i0XsypnEPnDHbs+Rl1H8p
LDZj+xQw8dBk3hwwp6To+vBLiadsEOy/V3UYhOn+B/GZGNTMiU4Q3tTpY4+r
aHLsvZUPBUgWjgYXsEimIMH+r4AED/xqqgRGwly4QtV0CP9zBL2ds+psV0w7
uHSCDRb+hIWXagNVZMZhL/MSiY0J4A3zqF3gBlulw5BAwc8xGlrCH4ablSqd
GBhN/hnYX5Khc6dkPtNbTOIXjdOGDa8L1ZaGHhtGa+uR9AVsx6ov0QsSK5uq
NUcKXnVrQwa0EKTU6P1ww4z5hiMEjD6KYYPWzJVbOl1n1AYPo0M9IX+gK3Tj
7DH+DJkQjOU/HezCq+nxcPStrerx4vTi1fDRvXvDh98corfG7vHk6PipY1QN
q/Y6mjXBj6J/IwBHPKOz0wefeaLjI9fHrq268XeyrWuKLrz7TaxZYMTo4fUP
NDYal2LvfxaKvb+CYns0+qrOso+m0vubUWlHceAXQHqt11B1vHcWl4SGPwRI
fxun4ftd7d0NUODoJg/rzJVRBaLTvNlVeLi5HmD+jcenHRU7avzpXL44Y3rU
ZfHrqOLA86+YPUp0m+fDMWYLBqJeIxgSLy29Gqcq+sq3sMTvuktMx1dsgyEW
hctwWBSVfQaVZNF2VbTeA37k3T4SRcusQ6z2NxdC91cKoftrhFDS1TqCqCq5
3mvw9PNnQ/zz/fsnp2cX+/fum/ieX1ZmdeSUX0NY/SzSqFIrS6Rg8b9pAc0h
75Sh1DhGWAI8LGI3FOP+kRjBJwjrd2cDLAJuSMfdA/cJFZ5lZsyUGklGBWVs
JNbgbpTeMvOPQvH7n+XU7v92To2MEjas7S48+b57bclWB7Naao7W5oz7nxl/
PFwlS8slFTC8ZAiw0u/e4qBAl52Z8ZxtaALy/8xK1qN/KlkfpWR1MUjR05eI
fhXF4jv3EN0eHOsvx+LTedCDfobdL8OhvHIvThEeRHxsv5Sc+2itnNuVxZGY
7UWErc8v6e7d20jUfUBtUXpzTUi47UspkUgL041Xe6S0nqvKpnxQhWwcvhPd
7NH/oDNGEEZtS77ZsCrSyLvx/ujx84p9xhIAPiSUPkZ5ixgpwoGNmO6YaZf0
TX4w2XFPUiKNfR+1tg8w6/96cfLsCZoX1pd1XZnsaEHZyXcMzm0UyWD8wgvj
IW+TxChpWoNWIR6Ove9/ljgnKpbkv8l1RODs8laLnpnM1IGFt37ADlP6c9iO
F+hCNYRDOgTQeVOSAqILvR6GV5VSNAptRezmwhIQi4o74K5aKo3bXW91Sc3n
e5fzkr8fmBfIHTXECKnYO4/Nt6YdK20Gx2IYuIDqA8Tjk/NXH7cdH8eNz03G
9W6Et5hODUNnUVpcUUexly9aWbEx+iaOKok1vgHDjmAqDMB2Ow2mXULSAwmE
Aoq+6Ms4meRslcSYnAP063FJtp6XifpROl3PlcCsug6h08RuuzZWvpnE4XAm
+a9Kzp8cJbyqg+QMdb6MWGaKUcVF4aRGEf/ZNtRi24bi4BC2/AXnmGuxS3Ml
mHeL4xZEmFmdLq609hgiMVO2FzROY4u7f4FbpeRBwkbOqxjydHj1CTpkL3ib
ScdE7ZVo9+9l6tuOs5GJt23i4vv3+P1IkrTlewlH1yxIPBas2k/V2U8uXqH7
+aS8zuuqnJNreueoOj/ZxbqNIrQ5E9BF4IR2hl4sgd3Sea/UniHi5kFzMn5m
ezeT3X0QiLlPiJV0C/wF3Vxm13NQRMIBWZ3SHNqX09m9PVfnYJ1yHkO9bEMr
5m56yNwuQM92zUKcY/ACaoamXekQrmg+/SXO+ys65oOkWxMFvyPl5ofs9oDO
8L756NXtIpNSu/CRQYsDe55BDYlQVjKgF7BvLjmZMFyRnlYl/5rdfnawoVBa
O2gJMmiRj8lYKPn5sC62R79usOXmNhKmcw4dmyQ/Uqu9d1jqAj7EcjbbFFG8
feHRKn1+m3p0A0IQrGZLIL4Fio+YuLDtD5PYb4nvSV6Wm7Jf05Mk0R0CVU0b
jI3jrXtNcdcumfOi00kmBeq8F7bRWov0lVZuYum5hUd3I9L6MJzAzwORpYRD
PowPKdYcVE4mGMhN4eLUtZKuMIxZ2RyVbUCrcsLRIjXGZaDFhSsOwfn715Jm
opGGdhAUAZS75mikpOBHCdSxi5D0kQGvgaKQgJBw9IcNUswIDDvNLsVfLTi4
kPRlWr+zdClf4+IiJbMo5EBprGoKBxL58AqUVEYNtCotgfll0mGupMQnmsVM
z/M5QfGq61XLtuhWKdDKhj0Q0k57VH2iMQza3K6UCnR/xWrGAUfqcFluivzM
SzdeW1vj+ZUkoqU3NO/0t6NMIWra+gIm2afMf+JCAbpJ/UaKeoSFSaTlEDXE
Nd1J2H88T985nz3Y/+7Bd998u//d/WSHjR37f2iWiz/e3//D1/hvMkzu746S
l5E5TJtBlH33KH/u4UNCIAdh02Y9udhgeBQTYAJe7UNcbWSeHhq5wfBm3Id2
lm91lnlav5UZXNJNPNLRd+NomSaXdZ5NJYXCq3/t1xJxeGV8HCI5nFdH941d
lb4MS+TIpqnI+FzAssTri8bAkXBOc7tMxgu8i4H12AiuonZo1mzDcsuKekt+
fRdseOyeMVAezmsjSU14u/Cbra0NGAqWFe3jgZqPbBLEQ/aLprCwk5df/8MK
D92+axIZqMkwM/JXNxXIwGybKlzWisPfaMwjk0t4+IoCGeG6Ygw9ns8UQx4v
2WbNVcUvM+oK5mG0vj+VTIy0QbrdVPyWHXVGxRqb5SXyKiq9jgHh7XLCvbnO
qDxe89MybSkPyL6I6TNC6kcC6yzKBLDOcbOcThGWlFRjcgAkXN4Bea3qq80A
NVGgS200gF7bWSUCxWTJPhcpkaDlaKR0r1PXxYQk0w2gbcGDGNxZ3IpTkB29
eBUWRXVL0gvTzX+ryK7G2cPhZRYjjFseCrZAKvayFgcEeiMKcupkjlQ4AoZg
BAKcuCIpr8a4WnPyGk/cCA1yJqAT8jCb4W+EGkXY9ZeE5mS7Z05Fk1V+G4UT
yLKIHtAEvXeL98G4KjKGGVZljDSgQl4pobwx5gJGJUyXQWMHJ5KpONQFAMJM
hdSBykGGhhrxFUtYEqpdpddZH4660sBNB3/46mlgAR3IiX9z0XcgTssxNd00
15vYPWM1AJ6ItmRVsXRGKNQ5DsTHaTq24dG1lHbnI8QTwdNWCtTYPnxoZE+0
maf7jBZCIjAINhp8A6EMT8AUDaFppP0fO9i1dKUUy2ThwBKKmyyfIW3UoGRM
wQB6f+tKw2Z0GRIPscimre8/mXCNxLxlGVdvLBI2NXdZM407Og7F4/MimRFi
FxMYGQ5tOByCZjF+i9aoQ5sJzNSTpS5x91qvAeIGavhO5jAqli/5CmsKoZPr
SNAlXokFCSvTs9IMyLl4rVRGMSWGTMWlhs2up2eJ0eFJLA/MdEDKmd00WnGK
eASKEpjzfo3B/UCrmSJOl+XYKENSsdlJQjNtRZ1O4z6DI3795NnrVyfGZjct
lm1mSvZVbQWyefIEm/0dA6ej2qK0kddlPsnrTObnQsJoRU52aLxdFHF5rJ9t
xZyl/9LEjIg3qFChDMgK5T6T/4sFnwg8B6b6M1NMKWzv2Lo1Bn9BGXDI9GTq
UfJ4mReaWoXPHDa35fgKSHu1bJJn6S3RLKDv+MjO4bOjXQsL2FdamEbt25z0
Axqh6VOqZmupR8bgxS94i3hwPjxfcebBzpPjV82uk1EK55eStsL1eCxVAwTl
arvSjsCZkOYYJSdUwsrUJ/DrhaV8WlI/VqtdnJrKZcnOq5enu9p78VL1KDoL
Woo0AZZiv9wBRrp3AKxARxq/zRThXx9zeJ6H+FQLhwAzcAfnXBYkh9vivtuW
ykKXy3JSSBNkSr5u1ILD/m45BUNa3F45SLylUp1zG+m46Fb/rZLcMbxtOvwo
OTR53l0Alt52TAIMNT3BOyCEjNOOGQEUKLrChnLGb6R/unorO1ORxNrJ0hR4
oXtZL3zqXMELGc070oueI0WtwFbrYbcQt44m1+l1lQtxzjLTCNO5ZE6hfQvb
yhl/IACgEBMpp5qcUKXkI06noXCOJydHTDOysbhdqAwbg22g9ZKMiqMeFXgt
acYYxqnsBDWmrB7yi2xyGpGDgkJ02oKLVRUV+57zVpN6CtOACJOBCLHlzAYk
g2vlPK9QBVUypBXdXFWIoFLZkWr5uRnoKJzxikCSbPC6yJ84+1KrjwqtGGOS
apFNZlp/P2+o8SQnCDWCV5SFZzOmaJjGXj4sRC35iPQVASdr3KI6kqLmHh0d
p+yLQw/cq8TbA/mhclqQi0mL16anTQ2/5xqXpdgVLwgjpQKluId2lrnESqEs
7ggh44avJr6TiQ8ucJa3wE1YgQKtgzMYU2r0LTCPv8kmmLdk5DHlNoOscxA4
drXdLW/NiGS6Kyn7iUoP4O1YkvEEQPAlakI9gNFKNqdnwHu/Prk4I6QxF3mO
4g7aFxfoXh5mzYKU7NNSuH3eYGowXn+HmAaJrkaP2EQc4OAmj/GwWrOC/XAx
d/xD/bVhTrCDQVQkx1ZS9r2a2I19ijF7bgPCjNx+6u/YNYvUyCkdwJAdhrPD
r7yCfVqkzSmSanJpg/r0NrAommfYXziwUwmKSJmb2x4sOyW+bRi2ERqY2br8
PSipYOO9gvEUCMwIJBxMXMlGvhIGNyKlMi+dUZ2i4j0LdrkaZ+/6ahdvP1+k
toVBLJmRIS0WSJTjQAHRflPWL6coTFAyUqNhmgKvXW5kWGicqYnIUIQlPUMv
l34qShmsPUDz3EksJ8UOBQVThZ3tuGxCl3qMUo2CCJeLaqY+YBx50np8RUhD
WhnQ0e46jNLrxVL5uZ9SSwQ7edVAARLvPMMore2nQBqGpPCz83GbRbqVDQlU
zdukqXHQ+/krqYFGYkXrnDxTZpu4xHgSEPSw3xnRfKpNIj3PeCynbKUx2sdI
igKcTGRS9tHBSJce2IXZ8Es+cyLNQUTIwBHe+1mdU1HSBFZsWlpSeZdBArFR
Rsjgwu5MIE63hwGuVyY4mliGsX82pvW2LVLqprlZ5HTgjd3YGL/jK7U8v7tm
j4F7q35dUm537ioStZidogKqgaFXuFQCPStSvYkxGmpDIcutRaEUW4uRe46Z
vV6zGG3r5Spr1l5W1gAo0UIg4mpJ7SqYjC08ZqIRWdszrJ4cVrk1PEQ+9dp2
KGS4kJbm7zMDdBTFTrECJAbUbI3z2KW/lpWntT07xYRKCaBXrGZx+RyutQFv
kfA9lLmzlS1c4y1OPNokpvLUsbJ7Mgjasj6hS5I/GYUQc2EjZLNwoymqQxre
4NzqlzTykftcP6KYTmSIiY1fZ8njnsaN4wgKA9HZ3im51iqFnpw206oKnI/Q
N4MbDm1elgdY7+GFkG8J20AgV2WRuXVrK5TZTXE75ItDwW/mQjYtCoVBdSmd
uxU/OveFQqUlp7of0ZH8awkzdlbMaw2K/XjHYFFnkrMN36uAL5hu7phZkkcF
2Lj24uX588CY9uLw6IfhyzrnTk3nGof53JgTdvAlUoZLEAJc+1mmRm7A8HFK
dvZBUleXy6bVViRhVCf1fFoWb9nvrXaSijpYZOlcND7XhMOSs4h5zOxgDNl0
LWad0ARSAgOraqxGg4v3J2N1wJaM3sh2EuYMpwRKlfnEwlWSmdhImnyQwaMx
+5d8NWT3evICwPwChjoVYdDFGBnM2RBHHRoDFBFT9L9x/WZ3arfiR7ACnPJU
XsNpL5z+24NEyG6Lu4/Ds83mAC3QAPHxW+CQvBX8y5nKiXLCCS+sOkARDlam
kVYbePBfNg48BuZdu1jGtNQs4Za+N9an00nn7MwMYj/oszgNeLNW4lhjLgJi
gwkWxmrkMGiyAxn2MgD8nHG0nTWukPNkB28jdu7QAlp46+AZHg30siyboHPB
ciTaiL0NgtMOADGKyo2aWmWvGoQvs/7ShCBjhQZfHrNRmoKoG1XUphbRqnoG
G+EeSXSDrVOlyWbiuaTLI3+S/FbnDUHcoQIsv6IdrpQ5m9v5ZVU0A0m39uq2
a7cmNzwGD/PN8eGrQ9Og4SPtcFq3SAxxBPnVdjgHdHFjnJp71Bqnf3vmuEM7
GwoseisRqOvQSXtq2JrIpqCeom0oW6nF5WtYDp80m8R8zBMcS5y1YRAT9epM
ibf4MXupCdBS9zpwqNmMHBxAiTAUq6BGGOgqTCrTEw9HN1ErBn3pSI+eH6OT
5+Lprq0oFVukCEkYhyEF/mh9TGPTcUvZNQEQZAus814SXWhaJovAhBeYbUc5
RZr3nb0DVYLLQgaWJskoxstbTae0xboZeEfCxm0k4PMFIIIsASCzLCfo/zOX
30gTzOSSZyi9s2HMPGORlHZgIKPVyx2STshqWaDQCGa16EbF9tIDtuCSOM8v
kEpjH/ewQRyJYj2wBavd00hnsxrR1jR1FXnd7EAECKzpzw9w3fONFusaGLrY
cn5ydnh6/ubw+M8WZUx1Pzc9QTjAx1jA51SsLytncvGyd1T6kXQLA3ycyzue
gdhJEHDzBdudxCoewo9QfJ5qGA8xJg2Stk0NXPkruNxxuznvjdPUKI9NEMvY
BmwHPIFOs5zNOM7myiSmkAGZTcVNRt5J4rzMFugtxPFsrqmqQawJh2eQUbnl
6Awvl0TYsrVcX2VOJK6uwcmgHqrCLpo9p22J/dFgnnZBa0miJTJNhjbejGgs
cXs3ruif5m4Szox8+A9m8vbFG7n4H2/x9tWDj7Bod8QVp5JnqtLSr2bqdrfz
cYZtPi3S2amiD2iBBSgKEv2kvX8kRuOfRtpf3Uj7SeSSZauALv92rbmiGHvX
q1GrJpEaPjqi/IGJ1JD6O1t3WehUAyNbhtRGQDeGBGGjA3+kCTdY36dZcCm2
/J+221/TdhueJIlloqOZkGZcB5cN0Fhh342AKTtKurugz96lBFRSsB0ehExJ
zCk6Pol6pWMts1s5ww1smxgglbJtGznmjLwEPQ3v1G0UIy5OfJ81BfMOeHra
vPcOrswEbF/GTkOo+KedhHVdhN3uUqeSsytQhKjhIEVBLXkZMJHKb373vIHT
yt7KSGKmwJh6ik+5HSOx7pZvdqmESBmOxPIOGJ3oIIAz0lFEUe+L5NCzHnDi
tG9RaH7een/AJpxs8v32NC0ABSQ8E9kWGnKBnWYUSII9iN9i/Zb3R1c16s2w
hMN58+//T9P8zCUF3p+hlIFJ9vOfruEJ/fgorXH/yWOUa8pSPz7P36KW8/Tf
//usAJ1YP/7Tv/93OEtsMJKixPmzrU7w/nla5P/f/50mf17+j/8zL/P/8d9+
tkn0OceOcV5haRVPSQJD1ZrpY5guznG3IGWJEQCEHMugLm6wL8SXDSBQWV0z
VzicZeX4Nvnz6YsXL/98aBj0UYZa7PAF2j6BObE19ej89NXpxckRPXX017Pz
k4uL0db/DzmA6GdZqAEA

-->

</rfc>
